Received: by 2002:a05:6512:3d0e:0:0:0:0 with SMTP id d14csp53533lfv; Tue, 12 Apr 2022 17:01:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzqcwzIqIJAwH3vZOAd8dJ15pCQXleuXkVmQZzlyHeVTE4pE2Nm88wItHnPRCaUQ4Xrvfi7 X-Received: by 2002:a17:902:8a95:b0:156:a40a:71e5 with SMTP id p21-20020a1709028a9500b00156a40a71e5mr40163571plo.144.1649808092200; Tue, 12 Apr 2022 17:01:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649808092; cv=none; d=google.com; s=arc-20160816; b=JVhv2OYj8j7rssuoC1z0G7EectNIobsXzaNYnRz9L5zn0V9G+EO17IrErLPKwnV5rm o7Qhb2nFA9JvBpIZ6mh3YdDq/7CpZjK8rmwe8NA87LfaZavmMDah3eKJtqY+hpOncY9M H1YYQtR44F3//9tD5Cn2vBYZMDzYF5GP/LM66boL+sZRaXbeNKN82uVMq0Rr3ZFoO07a EEX/5jIecJ+PBHMERVPTLGzfJzEo+HcQDj1D9B/DnhuWaAv6lELWZ1nRamRH1DKVjGZd bsci+L+zRUW4NUZWfyQbnQL/6hDsuwqu9Brv2NSAf6h7iiy6zC8f2ib9KeqOlvZetY+L rPhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=OsswnPSPXub36sV27s63KdEV9u3Nc46OaI/VdIunfIY=; b=mQPn7gPn/bKaFTi7u7dLlQbCvYL7EobukxdzwYThMiIgwSnzmUw9qG6d14GeTbji37 K8jPV69x8mn8XiOPgC3tSXKOOC+0jLuX2PwIpIrLmyiE4Zov+YXOC1chrs4q3hWGiVBw Sb+W6ntrkkRKpGNS4XyMLsQgXuaglKcJiNCP2dkdqMh/9WN8oBOr5f6pqXIaoe2Lyl5+ kY/aXkaJkrxd0sG/ppXvcmr+D5pqwJQ1XzSvlVuEoh0qRPbVv0eSPahOG1ufLgZnsIhW OXJMZd5LbKGZ22jNPuWu61mLlRH7PSafh6QgJqnhGOAPpHh6Hp6u/Tw1XYzLHA8T21kT aV9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=nacSmEU9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id a128-20020a636686000000b0039911b1bf43si4385555pgc.269.2022.04.12.17.01.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 12 Apr 2022 17:01:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=nacSmEU9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id C1E2D141FC4; Tue, 12 Apr 2022 14:57:49 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346119AbiDKMfj (ORCPT + 99 others); Mon, 11 Apr 2022 08:35:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243553AbiDKMfh (ORCPT ); Mon, 11 Apr 2022 08:35:37 -0400 Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EE423ED1B for ; Mon, 11 Apr 2022 05:33:23 -0700 (PDT) Received: by mail-lf1-x12e.google.com with SMTP id h14so21212507lfl.2 for ; Mon, 11 Apr 2022 05:33:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=OsswnPSPXub36sV27s63KdEV9u3Nc46OaI/VdIunfIY=; b=nacSmEU90Z28U9Lo9QsaAtJzu5RtbYx3FHMucZRgfaW1vDSY9I+G7LCU7Ar+Twu6Z5 BjziRv6TGWlLl3ppx/vX6MfsESbe/KVMTghgOAMNzAMxbj0rWjqbDO6wJ6gxWuK+bW13 qmv2sjgtNOAzM4NHrIsSf6PslmWpoCzKX//19tQePjv92BE/4Jcb7/6Uwnks0VXAnYjh iXaCVpKHnKT3OX8XV7/is1KxcE/dhdSWbIuJnlRJ8qab0LkRwPlJ6JfvyQ9gs9xt2Bfh d18+IosnSbAH+FIETShNuVwikb4gJavQTSvMLE8h6aadktpB0ArWj+HUGHwZa2Uzv9fW qpBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=OsswnPSPXub36sV27s63KdEV9u3Nc46OaI/VdIunfIY=; b=iq4RkIA2SoEVx1m/HIsYTSvAUcpiS2h8kurEGyqMiJn2h4zA5Tr+2mqHsyhfJuarJq SaVV3ZL56YwmoCFPrhLYltvehilQUrlqQs8LU9oa4ccmLvI1e9DnNx2bQ5rssNQBqh0/ 920Ezl3G8TTuuMB3CeRDCPeKKepg/G1z/4f0zP9rsuFcnEznSGQvWptV+6aHCoDi8rQ5 SnMvDgS7b8xh/M3rzwNFG7DgTno++8GPIcjEsfkaoYKsBYd2WWzHPhP8fmzqNPnypKVp cUtPcmbHLHNmQmq+xR31R3mvY/7KqRHq3mUGlNcVTpcTCJemaiNMVKEDuoaTO8xLDWao gu9g== X-Gm-Message-State: AOAM5309KPqT9BWOGkkgC0LrwPiajcxR88HxEdagNIV+t2RwkaUWvcbY SJNDqSQnzYxR5IHdb4S5UovIaV558BWaqa+/MUd3GTWSAEdLpw== X-Received: by 2002:a19:e007:0:b0:44a:a22d:2d49 with SMTP id x7-20020a19e007000000b0044aa22d2d49mr8496790lfg.254.1649680401433; Mon, 11 Apr 2022 05:33:21 -0700 (PDT) MIME-Version: 1.0 References: <1836398.tdWV9SEqCh@kreacher> In-Reply-To: From: Ulf Hansson Date: Mon, 11 Apr 2022 14:32:44 +0200 Message-ID: Subject: Re: [PATCH v1] PM: runtime: Avoid device usage count underflows To: "Rafael J. Wysocki" Cc: "Rafael J. Wysocki" , Linux PM , LKML , Alan Stern Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 11 Apr 2022 at 13:29, Rafael J. Wysocki wrote: > > On Mon, Apr 11, 2022 at 12:36 PM Ulf Hansson wrote: > > > > On Fri, 8 Apr 2022 at 19:05, Rafael J. Wysocki wrote: > > > > > > On Fri, Apr 8, 2022 at 4:05 PM Ulf Hansson wrote: > > > > > > > > On Wed, 6 Apr 2022 at 21:03, Rafael J. Wysocki wrote: > > > > > > > > > > From: Rafael J. Wysocki > > > > > > > > > > A PM-runtime device usage count underflow is potentially critical, > > > > > because it may cause a device to be suspended when it is expected to > > > > > be operational. > > > > > > > > I get the point. Although, perhaps we should also state that it's a > > > > programming problem that we would like to catch and warn about? > > > > > > OK, I can add that to the changelog. > > > > > > > > > > > > > For this reason, (1) make rpm_check_suspend_allowed() return an error > > > > > when the device usage count is negative to prevent devices from being > > > > > suspended in that case, (2) introduce rpm_drop_usage_count() that will > > > > > detect device usage count underflows, warn about them and fix them up, > > > > > and (3) use it to drop the usage count in a few places instead of > > > > > atomic_dec_and_test(). > > > > > > > > > > Signed-off-by: Rafael J. Wysocki > > > > > --- > > > > > drivers/base/power/runtime.c | 44 ++++++++++++++++++++++++++++++++++++------- > > > > > 1 file changed, 37 insertions(+), 7 deletions(-) > > > > > > > > > > Index: linux-pm/drivers/base/power/runtime.c > > > > > =================================================================== > > > > > --- linux-pm.orig/drivers/base/power/runtime.c > > > > > +++ linux-pm/drivers/base/power/runtime.c > > > > > @@ -263,7 +263,7 @@ static int rpm_check_suspend_allowed(str > > > > > retval = -EINVAL; > > > > > else if (dev->power.disable_depth > 0) > > > > > retval = -EACCES; > > > > > - else if (atomic_read(&dev->power.usage_count) > 0) > > > > > + else if (atomic_read(&dev->power.usage_count)) > > > > > retval = -EAGAIN; > > > > > else if (!dev->power.ignore_children && > > > > > atomic_read(&dev->power.child_count)) > > > > > @@ -1039,13 +1039,33 @@ int pm_schedule_suspend(struct device *d > > > > > } > > > > > EXPORT_SYMBOL_GPL(pm_schedule_suspend); > > > > > > > > > > +static int rpm_drop_usage_count(struct device *dev) > > > > > +{ > > > > > + int ret; > > > > > + > > > > > + ret = atomic_sub_return(1, &dev->power.usage_count); > > > > > + if (ret >= 0) > > > > > + return ret; > > > > > + > > > > > + /* > > > > > + * Because rpm_resume() does not check the usage counter, it will resume > > > > > + * the device even if the usage counter is 0 or negative, so it is > > > > > + * sufficient to increment the usage counter here to reverse the change > > > > > + * made above. > > > > > + */ > > > > > + atomic_inc(&dev->power.usage_count); > > > > > > > > Rather than this two-step process, couldn't we just do an > > > > "atomic_add_unless(&dev->power.usage_count, -1, 0)" - and check the > > > > return value? > > > > > > No, we couldn't, because atomic_add_unless() returns a bool and we > > > need to know the new counter value (and in particular whether or not > > > it is 0). > > > > atomic_add_unless(&dev->power.usage_count, -1, 0) would return true as > > long as the counter value is greater than 0. > > Yes, and it in particular, when the current value of the counter is 1 > before the operation IIUC. > > So after the operation it is 0 and true will be returned, won't it? > But that's exactly the case we want to catch. > > > If the counter has become 0, atomic_add_unless() would return false > > and not continue to decrease the value below zero. Isn't this exactly > > what we want? > > Not really. > > We want to detect transitions from 0 to 1 which is the case when the > device can be suspended. I assume you mean from 1 to 0. In any case, I see what you mean by now, sorry for the noise. Then feel free to add: Reviewed-by: Ulf Hansson Kind regards Uffe