driver/rtc/class.c: check the error after rtc_read_time()

In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
checked. If rtc device fail to read time, we cannot guarantee the following
process.

Add the verification code for returned rtc_read_time() error.

Signed-off-by: Hyogi Gim <hyogi.gim@lge.com>
---
 drivers/rtc/class.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:

> In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> checked. If rtc device fail to read time, we cannot guarantee the following
> process.
> 
> Add the verification code for returned rtc_read_time() error.
> 
> ...
>
> --- a/drivers/rtc/class.c
> +++ b/drivers/rtc/class.c
> @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
>  	struct rtc_device	*rtc = to_rtc_device(dev);
>  	struct rtc_time		tm;
>  	struct timespec		delta, delta_delta;
> +	int err;
>  
>  	if (has_persistent_clock())
>  		return 0;
> @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
>  		return 0;
>  
>  	/* snapshot the current RTC and system time at suspend*/
> -	rtc_read_time(rtc, &tm);
> +	err = rtc_read_time(rtc, &tm);
> +	if (err < 0) {
> +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> +		return 0;
> +	}

OK, it makes no sense to go ahead and set the system time from a
garbage rtc_time.

But I'm wondering if we should propagate the error back to the
rtc_suspend() caller.  What does the PM core do if a particular
device's ->suspend or ->resume fails?

>  	getnstimeofday(&old_system);
>  	rtc_tm_to_time(&tm, &old_rtc.tv_sec);
>  
> @@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev)
>  	struct rtc_time		tm;
>  	struct timespec		new_system, new_rtc;
>  	struct timespec		sleep_time;
> +	int err;
>  
>  	if (has_persistent_clock())
>  		return 0;
> @@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev)
>  
>  	/* snapshot the current rtc and system time at resume */
>  	getnstimeofday(&new_system);
> -	rtc_read_time(rtc, &tm);
> +	err = rtc_read_time(rtc, &tm);
> +	if (err < 0) {
> +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> +		return 0;
> +	}
> +
>  	if (rtc_valid_tm(&tm) != 0) {
>  		pr_debug("%s:  bogus resume time\n", dev_name(&rtc->dev));
>  		return 0;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:
> 
> > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > checked. If rtc device fail to read time, we cannot guarantee the following
> > process.
> > 
> > Add the verification code for returned rtc_read_time() error.
> > 
> > ...
> >
> > --- a/drivers/rtc/class.c
> > +++ b/drivers/rtc/class.c
> > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> >  	struct rtc_device	*rtc = to_rtc_device(dev);
> >  	struct rtc_time		tm;
> >  	struct timespec		delta, delta_delta;
> > +	int err;
> >  
> >  	if (has_persistent_clock())
> >  		return 0;
> > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> >  		return 0;
> >  
> >  	/* snapshot the current RTC and system time at suspend*/
> > -	rtc_read_time(rtc, &tm);
> > +	err = rtc_read_time(rtc, &tm);
> > +	if (err < 0) {
> > +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> > +		return 0;
> > +	}
> 
> OK, it makes no sense to go ahead and set the system time from a
> garbage rtc_time.
> 
> But I'm wondering if we should propagate the error back to the
> rtc_suspend() caller.  What does the PM core do if a particular
> device's ->suspend or ->resume fails?

It aborts the suspend.

Rafael

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote:
> On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:
> > 
> > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > > checked. If rtc device fail to read time, we cannot guarantee the following
> > > process.
> > > 
> > > Add the verification code for returned rtc_read_time() error.
> > > 
> > > ...
> > >
> > > --- a/drivers/rtc/class.c
> > > +++ b/drivers/rtc/class.c
> > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > >  	struct rtc_device	*rtc = to_rtc_device(dev);
> > >  	struct rtc_time		tm;
> > >  	struct timespec		delta, delta_delta;
> > > +	int err;
> > >  
> > >  	if (has_persistent_clock())
> > >  		return 0;
> > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > >  		return 0;
> > >  
> > >  	/* snapshot the current RTC and system time at suspend*/
> > > -	rtc_read_time(rtc, &tm);
> > > +	err = rtc_read_time(rtc, &tm);
> > > +	if (err < 0) {
> > > +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> > > +		return 0;
> > > +	}
> > 
> > OK, it makes no sense to go ahead and set the system time from a
> > garbage rtc_time.
> > 
> > But I'm wondering if we should propagate the error back to the
> > rtc_suspend() caller.  What does the PM core do if a particular
> > device's ->suspend or ->resume fails?
> 
> It aborts the suspend.

I mean, if ->suspend fails, the suspend is aborted.

If ->resume fails, on the other hand, we cannot do much more than logging
an error message.

Rafael

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On Thu, 24 Jul 2014 01:49:44 +0200 "Rafael J. Wysocki" <rjw@rjwysocki.net> wrote:

> On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote:
> > On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> > > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:
> > > 
> > > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > > > checked. If rtc device fail to read time, we cannot guarantee the following
> > > > process.
> > > > 
> > > > Add the verification code for returned rtc_read_time() error.
> > > > 
> > > > ...
> > > >
> > > > --- a/drivers/rtc/class.c
> > > > +++ b/drivers/rtc/class.c
> > > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > > >  	struct rtc_device	*rtc = to_rtc_device(dev);
> > > >  	struct rtc_time		tm;
> > > >  	struct timespec		delta, delta_delta;
> > > > +	int err;
> > > >  
> > > >  	if (has_persistent_clock())
> > > >  		return 0;
> > > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > > >  		return 0;
> > > >  
> > > >  	/* snapshot the current RTC and system time at suspend*/
> > > > -	rtc_read_time(rtc, &tm);
> > > > +	err = rtc_read_time(rtc, &tm);
> > > > +	if (err < 0) {
> > > > +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> > > > +		return 0;
> > > > +	}
> > > 
> > > OK, it makes no sense to go ahead and set the system time from a
> > > garbage rtc_time.
> > > 
> > > But I'm wondering if we should propagate the error back to the
> > > rtc_suspend() caller.  What does the PM core do if a particular
> > > device's ->suspend or ->resume fails?
> > 
> > It aborts the suspend.
> 
> I mean, if ->suspend fails, the suspend is aborted.

So what should rtc do in this case?  At present it pretends the read
succeeded.  Either way, this doesn't seem to be the place to be making
such policy decisions..


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

On 07/24/2014 09:19 AM, Andrew Morton wrote:
> 
> So what should rtc do in this case?  At present it pretends the read
> succeeded.  Either way, this doesn't seem to be the place to be making
> such policy decisions..
> 
> 
> 

I agree. But, in this case, RTC device driver can not do anything. And if       
rtc_suspend() returns a minus value, then suspend will be aborted. So,          
in the worst case, suspend will be failed continually. I think this is not      
good.                                                                           
                                                                                
Most RTC device drivers don't verify the read time value. Even some drivers     
just return '0' value(omap, tegra, ...). So, I think the higher level           
framework like /drivers/rtc/interface.c should check and handle the rtc         
read time.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/