[PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[Hyogi Gim]

In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
checked. If rtc device fail to read time, we cannot guarantee the following
process.

Add the verification code for returned rtc_read_time() error.

Signed-off-by: Hyogi Gim <hyogi.gim@lge.com>
---
 drivers/rtc/class.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c
index 589351e..38e26be 100644
--- a/drivers/rtc/class.c
+++ b/drivers/rtc/class.c
@@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
 	struct rtc_device	*rtc = to_rtc_device(dev);
 	struct rtc_time		tm;
 	struct timespec		delta, delta_delta;
+	int err;
 
 	if (has_persistent_clock())
 		return 0;
@@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
 		return 0;
 
 	/* snapshot the current RTC and system time at suspend*/
-	rtc_read_time(rtc, &tm);
+	err = rtc_read_time(rtc, &tm);
+	if (err < 0) {
+		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
+		return 0;
+	}
+
 	getnstimeofday(&old_system);
 	rtc_tm_to_time(&tm, &old_rtc.tv_sec);
 
@@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev)
 	struct rtc_time		tm;
 	struct timespec		new_system, new_rtc;
 	struct timespec		sleep_time;
+	int err;
 
 	if (has_persistent_clock())
 		return 0;
@@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev)
 
 	/* snapshot the current rtc and system time at resume */
 	getnstimeofday(&new_system);
-	rtc_read_time(rtc, &tm);
+	err = rtc_read_time(rtc, &tm);
+	if (err < 0) {
+		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
+		return 0;
+	}
+
 	if (rtc_valid_tm(&tm) != 0) {
 		pr_debug("%s:  bogus resume time\n", dev_name(&rtc->dev));
 		return 0;
-- 
1.8.3.2

Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[Andrew Morton]

On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:

> In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> checked. If rtc device fail to read time, we cannot guarantee the following
> process.
> 
> Add the verification code for returned rtc_read_time() error.
> 
> ...
>
> --- a/drivers/rtc/class.c
> +++ b/drivers/rtc/class.c
> @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
>  	struct rtc_device	*rtc = to_rtc_device(dev);
>  	struct rtc_time		tm;
>  	struct timespec		delta, delta_delta;
> +	int err;
>  
>  	if (has_persistent_clock())
>  		return 0;
> @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
>  		return 0;
>  
>  	/* snapshot the current RTC and system time at suspend*/
> -	rtc_read_time(rtc, &tm);
> +	err = rtc_read_time(rtc, &tm);
> +	if (err < 0) {
> +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> +		return 0;
> +	}

OK, it makes no sense to go ahead and set the system time from a
garbage rtc_time.

But I'm wondering if we should propagate the error back to the
rtc_suspend() caller.  What does the PM core do if a particular
device's ->suspend or ->resume fails?

>  	getnstimeofday(&old_system);
>  	rtc_tm_to_time(&tm, &old_rtc.tv_sec);
>  
> @@ -94,6 +100,7 @@ static int rtc_resume(struct device *dev)
>  	struct rtc_time		tm;
>  	struct timespec		new_system, new_rtc;
>  	struct timespec		sleep_time;
> +	int err;
>  
>  	if (has_persistent_clock())
>  		return 0;
> @@ -104,7 +111,12 @@ static int rtc_resume(struct device *dev)
>  
>  	/* snapshot the current rtc and system time at resume */
>  	getnstimeofday(&new_system);
> -	rtc_read_time(rtc, &tm);
> +	err = rtc_read_time(rtc, &tm);
> +	if (err < 0) {
> +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> +		return 0;
> +	}
> +
>  	if (rtc_valid_tm(&tm) != 0) {
>  		pr_debug("%s:  bogus resume time\n", dev_name(&rtc->dev));
>  		return 0;

Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[Rafael J. Wysocki]

On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:
> 
> > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > checked. If rtc device fail to read time, we cannot guarantee the following
> > process.
> > 
> > Add the verification code for returned rtc_read_time() error.
> > 
> > ...
> >
> > --- a/drivers/rtc/class.c
> > +++ b/drivers/rtc/class.c
> > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> >  	struct rtc_device	*rtc = to_rtc_device(dev);
> >  	struct rtc_time		tm;
> >  	struct timespec		delta, delta_delta;
> > +	int err;
> >  
> >  	if (has_persistent_clock())
> >  		return 0;
> > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> >  		return 0;
> >  
> >  	/* snapshot the current RTC and system time at suspend*/
> > -	rtc_read_time(rtc, &tm);
> > +	err = rtc_read_time(rtc, &tm);
> > +	if (err < 0) {
> > +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> > +		return 0;
> > +	}
> 
> OK, it makes no sense to go ahead and set the system time from a
> garbage rtc_time.
> 
> But I'm wondering if we should propagate the error back to the
> rtc_suspend() caller.  What does the PM core do if a particular
> device's ->suspend or ->resume fails?

It aborts the suspend.

Rafael

Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[Rafael J. Wysocki]

On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote:
> On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:
> > 
> > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > > checked. If rtc device fail to read time, we cannot guarantee the following
> > > process.
> > > 
> > > Add the verification code for returned rtc_read_time() error.
> > > 
> > > ...
> > >
> > > --- a/drivers/rtc/class.c
> > > +++ b/drivers/rtc/class.c
> > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > >  	struct rtc_device	*rtc = to_rtc_device(dev);
> > >  	struct rtc_time		tm;
> > >  	struct timespec		delta, delta_delta;
> > > +	int err;
> > >  
> > >  	if (has_persistent_clock())
> > >  		return 0;
> > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > >  		return 0;
> > >  
> > >  	/* snapshot the current RTC and system time at suspend*/
> > > -	rtc_read_time(rtc, &tm);
> > > +	err = rtc_read_time(rtc, &tm);
> > > +	if (err < 0) {
> > > +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> > > +		return 0;
> > > +	}
> > 
> > OK, it makes no sense to go ahead and set the system time from a
> > garbage rtc_time.
> > 
> > But I'm wondering if we should propagate the error back to the
> > rtc_suspend() caller.  What does the PM core do if a particular
> > device's ->suspend or ->resume fails?
> 
> It aborts the suspend.

I mean, if ->suspend fails, the suspend is aborted.

If ->resume fails, on the other hand, we cannot do much more than logging
an error message.

Rafael

Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[Andrew Morton]

On Thu, 24 Jul 2014 01:49:44 +0200 "Rafael J. Wysocki" <rjw@rjwysocki.net> wrote:

> On Thursday, July 24, 2014 01:47:57 AM Rafael J. Wysocki wrote:
> > On Wednesday, July 23, 2014 02:56:34 PM Andrew Morton wrote:
> > > On Tue, 15 Jul 2014 17:25:23 +0900 Hyogi Gim <hyogi.gim@lge.com> wrote:
> > > 
> > > > In rtc_suspend() and rtc_resume(), the error after rtc_read_time() is not
> > > > checked. If rtc device fail to read time, we cannot guarantee the following
> > > > process.
> > > > 
> > > > Add the verification code for returned rtc_read_time() error.
> > > > 
> > > > ...
> > > >
> > > > --- a/drivers/rtc/class.c
> > > > +++ b/drivers/rtc/class.c
> > > > @@ -53,6 +53,7 @@ static int rtc_suspend(struct device *dev)
> > > >  	struct rtc_device	*rtc = to_rtc_device(dev);
> > > >  	struct rtc_time		tm;
> > > >  	struct timespec		delta, delta_delta;
> > > > +	int err;
> > > >  
> > > >  	if (has_persistent_clock())
> > > >  		return 0;
> > > > @@ -61,7 +62,12 @@ static int rtc_suspend(struct device *dev)
> > > >  		return 0;
> > > >  
> > > >  	/* snapshot the current RTC and system time at suspend*/
> > > > -	rtc_read_time(rtc, &tm);
> > > > +	err = rtc_read_time(rtc, &tm);
> > > > +	if (err < 0) {
> > > > +		pr_debug("%s:  fail to read rtc time\n", dev_name(&rtc->dev));
> > > > +		return 0;
> > > > +	}
> > > 
> > > OK, it makes no sense to go ahead and set the system time from a
> > > garbage rtc_time.
> > > 
> > > But I'm wondering if we should propagate the error back to the
> > > rtc_suspend() caller.  What does the PM core do if a particular
> > > device's ->suspend or ->resume fails?
> > 
> > It aborts the suspend.
> 
> I mean, if ->suspend fails, the suspend is aborted.

So what should rtc do in this case?  At present it pretends the read
succeeded.  Either way, this doesn't seem to be the place to be making
such policy decisions..

Re: [PATCH] driver/rtc/class.c: check the error after rtc_read_time()

[Hyogi Gim]

On 07/24/2014 09:19 AM, Andrew Morton wrote:
> 
> So what should rtc do in this case?  At present it pretends the read
> succeeded.  Either way, this doesn't seem to be the place to be making
> such policy decisions..
> 
> 
> 

I agree. But, in this case, RTC device driver can not do anything. And if       
rtc_suspend() returns a minus value, then suspend will be aborted. So,          
in the worst case, suspend will be failed continually. I think this is not      
good.                                                                           
                                                                                
Most RTC device drivers don't verify the read time value. Even some drivers     
just return '0' value(omap, tegra, ...). So, I think the higher level           
framework like /drivers/rtc/interface.c should check and handle the rtc         
read time.