Received: by 2002:a05:6a10:144:0:0:0:0 with SMTP id 4csp505054pxw; Fri, 8 Apr 2022 13:10:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzbqzPwSKFir0YNJ1V6Qu5P3mOmQON0AqVVqDjKI/CWf+ONwUNNZoEe512S5TE6a6CW12UZ X-Received: by 2002:a50:9d0f:0:b0:416:95a3:1611 with SMTP id v15-20020a509d0f000000b0041695a31611mr21316428ede.77.1649448638811; Fri, 08 Apr 2022 13:10:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649448638; cv=none; d=google.com; s=arc-20160816; b=NFEjJvca0QN0x6HvBB8swdCooKzsi6ICN8lAKUwtHitCAAD60q+Ou1FqIv1fNZRRm/ VsGI8IW26smHWkOmwwu08S7yqb+Sfmh9qfac0HeVGtELlUKT7hbaTBqF4nx3Jm0gJ1uW GHFQ1BmhXWxiJPipq8WiuV12BHuAwT3q689Uda3QcP3CJ2fXFQ6RVSLyD1vzTEM00nUw /zm/2rYZt16iTTm3TXtLE9HhJT1pPfY7kol4I+jtgh/1sawO5Vb/Y9cMfkpbnMWkXUbB 52DmZYaPWhuyOe1OyAP+g6cnfkZ2Yvrc4gb/SiTURoODMTxrWipb+IMd91Da0MHCifAL 2ByA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version; bh=45ajIdk2l2c0M5NveToHn951KWa5S8n2FWsDAPcmgKU=; b=Z7PDRU3SNHoOlOObtOR0/sODJCBLAlHRLzw8Dn0X9LCIjdAzTnkK5B0weN3O+64i+P NZaoEM0kj5o4qbP2IOtEy02liceMF1UxjmtY0Z1zmkE4TBvPcmAkjOsPmDG07x7MBnbg N3GaPAkJ91XX+hqdEUCVD5SZn5/RbN4nXuXffALrZOckbALAvEun/MzoOfvPOqf0HOV8 eNj/MaKER+ksEfaBpcYgf4LqbLwCmXWgJHoIDEkuHwHUTvBcK3VtANrunPi0imi114Cp uG36a62jQg3u1etiZeeWfAnHi5M1hbVRZKkxHUpegCEOcLDFZTter7sNl9qvwQ13QUAq B1Bg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j20-20020a1709062a1400b006df76385c4dsi1668609eje.237.2022.04.08.13.10.12; Fri, 08 Apr 2022 13:10:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238025AbiDHRHe (ORCPT + 99 others); Fri, 8 Apr 2022 13:07:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34134 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231408AbiDHRHb (ORCPT ); Fri, 8 Apr 2022 13:07:31 -0400 Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AB4EE954A5; Fri, 8 Apr 2022 10:05:27 -0700 (PDT) Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-2e5e9025c20so103262397b3.7; Fri, 08 Apr 2022 10:05:27 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=45ajIdk2l2c0M5NveToHn951KWa5S8n2FWsDAPcmgKU=; b=0klrK9fRKPYWMBs3PBjLWWwqAcJqTt0olnO57GYtz+8yUowj2Z5DHfOEt6cIQoAv19 saSsmdwlK3zFXC2vpClmqZB0WcrskONg+mBGiyXUkW+S7+qNpvTo+KoXHgAK0iCSQ85K ru2TXJRwc9YKP7O8a85GVYAld+xv+zmKnzqVpgNFZlqf4D1piM+E9cotfdlMqTQ5LpVP 1Yoq2qni7Ht9qoAAO5pqHhgJwmOCVHjk/nwMB9M5c9g/ji/5bu1neqqxgiNp955tfnaC M+R1KiOekJuldhk/NE92//TpVrIS/MqjY5zFeFlh/tkSm7aWk3qrIdJmTcrpeN/cNGaO VEAw== X-Gm-Message-State: AOAM533ES3EIfLKVrSzw2cq2Apd+5RI3WpJSwO5tWF/hJfQibRVq2onc 9Hozd04LPJOyiVLYkoPTHwlNj84uU4Lup8zF1CtGglCe X-Received: by 2002:a81:7c45:0:b0:2eb:4759:cc32 with SMTP id x66-20020a817c45000000b002eb4759cc32mr16984331ywc.515.1649437526843; Fri, 08 Apr 2022 10:05:26 -0700 (PDT) MIME-Version: 1.0 References: <1836398.tdWV9SEqCh@kreacher> In-Reply-To: From: "Rafael J. Wysocki" Date: Fri, 8 Apr 2022 19:05:16 +0200 Message-ID: Subject: Re: [PATCH v1] PM: runtime: Avoid device usage count underflows To: Ulf Hansson Cc: "Rafael J. Wysocki" , Linux PM , LKML , Alan Stern Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 8, 2022 at 4:05 PM Ulf Hansson wrote: > > On Wed, 6 Apr 2022 at 21:03, Rafael J. Wysocki wrote: > > > > From: Rafael J. Wysocki > > > > A PM-runtime device usage count underflow is potentially critical, > > because it may cause a device to be suspended when it is expected to > > be operational. > > I get the point. Although, perhaps we should also state that it's a > programming problem that we would like to catch and warn about? OK, I can add that to the changelog. > > > > For this reason, (1) make rpm_check_suspend_allowed() return an error > > when the device usage count is negative to prevent devices from being > > suspended in that case, (2) introduce rpm_drop_usage_count() that will > > detect device usage count underflows, warn about them and fix them up, > > and (3) use it to drop the usage count in a few places instead of > > atomic_dec_and_test(). > > > > Signed-off-by: Rafael J. Wysocki > > --- > > drivers/base/power/runtime.c | 44 ++++++++++++++++++++++++++++++++++++------- > > 1 file changed, 37 insertions(+), 7 deletions(-) > > > > Index: linux-pm/drivers/base/power/runtime.c > > =================================================================== > > --- linux-pm.orig/drivers/base/power/runtime.c > > +++ linux-pm/drivers/base/power/runtime.c > > @@ -263,7 +263,7 @@ static int rpm_check_suspend_allowed(str > > retval = -EINVAL; > > else if (dev->power.disable_depth > 0) > > retval = -EACCES; > > - else if (atomic_read(&dev->power.usage_count) > 0) > > + else if (atomic_read(&dev->power.usage_count)) > > retval = -EAGAIN; > > else if (!dev->power.ignore_children && > > atomic_read(&dev->power.child_count)) > > @@ -1039,13 +1039,33 @@ int pm_schedule_suspend(struct device *d > > } > > EXPORT_SYMBOL_GPL(pm_schedule_suspend); > > > > +static int rpm_drop_usage_count(struct device *dev) > > +{ > > + int ret; > > + > > + ret = atomic_sub_return(1, &dev->power.usage_count); > > + if (ret >= 0) > > + return ret; > > + > > + /* > > + * Because rpm_resume() does not check the usage counter, it will resume > > + * the device even if the usage counter is 0 or negative, so it is > > + * sufficient to increment the usage counter here to reverse the change > > + * made above. > > + */ > > + atomic_inc(&dev->power.usage_count); > > Rather than this two-step process, couldn't we just do an > "atomic_add_unless(&dev->power.usage_count, -1, 0)" - and check the > return value? No, we couldn't, because atomic_add_unless() returns a bool and we need to know the new counter value (and in particular whether or not it is 0). I thought that it would be better to do the extra access in the failing case only. > > + dev_warn(dev, "Runtime PM usage count underflow!\n"); > > + return -EINVAL; > > +} > > + > > [...]