[PATCH 13/15] iio: health: max30100: do not use internal iio_dev lock
Nuno Sá
noname.nuno at gmail.com
Mon Sep 26 03:06:13 PDT 2022
On Sat, 2022-09-24 at 16:53 +0100, Jonathan Cameron wrote:
> On Tue, 20 Sep 2022 17:10:33 +0200
> Miquel Raynal <miquel.raynal at bootlin.com> wrote:
>
> > Hi Nuno,
> >
> > noname.nuno at gmail.com wrote on Tue, 20 Sep 2022 16:56:01 +0200:
> >
> > > On Tue, 2022-09-20 at 15:53 +0200, Miquel Raynal wrote:
> > > > Hi Nuno,
> > > >
> > > > Nuno.Sa at analog.com wrote on Tue, 20 Sep 2022 13:15:32 +0000:
> > > >
> > > > > > -----Original Message-----
> > > > > > From: Miquel Raynal <miquel.raynal at bootlin.com>
> > > > > > Sent: Tuesday, September 20, 2022 2:56 PM
> > > > > > To: Sa, Nuno <Nuno.Sa at analog.com>
> > > > > > Cc: linux-arm-kernel at lists.infradead.org;
> > > > > > linux-rockchip at lists.infradead.org;
> > > > > > linux-amlogic at lists.infradead.org; linux-imx at nxp.com;
> > > > > > linux-
> > > > > > iio at vger.kernel.org; Chunyan Zhang <zhang.lyra at gmail.com>;
> > > > > > Hennerich,
> > > > > > Michael <Michael.Hennerich at analog.com>; Martin Blumenstingl
> > > > > > <martin.blumenstingl at googlemail.com>; Sascha Hauer
> > > > > > <s.hauer at pengutronix.de>; Cixi Geng
> > > > > > <cixi.geng1 at unisoc.com>;
> > > > > > Kevin
> > > > > > Hilman <khilman at baylibre.com>; Vladimir Zapolskiy
> > > > > > <vz at mleia.com>;
> > > > > > Pengutronix Kernel Team <kernel at pengutronix.de>; Alexandru
> > > > > > Ardelean
> > > > > > <aardelean at deviqon.com>; Fabio Estevam
> > > > > > <festevam at gmail.com>;
> > > > > > Andriy
> > > > > > Tryshnivskyy <andriy.tryshnivskyy at opensynergy.com>; Haibo
> > > > > > Chen
> > > > > > <haibo.chen at nxp.com>; Shawn Guo <shawnguo at kernel.org>; Hans
> > > > > > de
> > > > > > Goede <hdegoede at redhat.com>; Jerome Brunet
> > > > > > <jbrunet at baylibre.com>;
> > > > > > Heiko Stuebner <heiko at sntech.de>; Florian Boor
> > > > > > <florian.boor at kernelconcepts.de>; Regus, Ciprian
> > > > > > <Ciprian.Regus at analog.com>; Lars-Peter Clausen
> > > > > > <lars at metafoo.de>;
> > > > > > Andy
> > > > > > Shevchenko <andy.shevchenko at gmail.com>; Jonathan Cameron
> > > > > > <jic23 at kernel.org>; Neil Armstrong
> > > > > > <narmstrong at baylibre.com>;
> > > > > > Baolin
> > > > > > Wang <baolin.wang at linux.alibaba.com>; Jyoti Bhayana
> > > > > > <jbhayana at google.com>; Chen-Yu Tsai <wens at csie.org>; Orson
> > > > > > Zhai
> > > > > > <orsonzhai at gmail.com>
> > > > > > Subject: Re: [PATCH 13/15] iio: health: max30100: do not
> > > > > > use
> > > > > > internal iio_dev
> > > > > > lock
> > > > > >
> > > > > > [External]
> > > > > >
> > > > > > Hi Nuno,
> > > > > >
> > > > > > Nuno.Sa at analog.com wrote on Tue, 20 Sep 2022 12:44:08
> > > > > > +0000:
> > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Miquel Raynal <miquel.raynal at bootlin.com>
> > > > > > > > Sent: Tuesday, September 20, 2022 2:23 PM
> > > > > > > > To: Sa, Nuno <Nuno.Sa at analog.com>
> > > > > > > > Cc: linux-arm-kernel at lists.infradead.org; linux-
> > > > > > rockchip at lists.infradead.org;
> > > > > > > > linux-amlogic at lists.infradead.org; linux-imx at nxp.com;
> > > > > > > > linux-
> > > > > > > > iio at vger.kernel.org; Chunyan Zhang
> > > > > > > > <zhang.lyra at gmail.com>;
> > > > > > Hennerich,
> > > > > > > > Michael <Michael.Hennerich at analog.com>; Martin
> > > > > > > > Blumenstingl
> > > > > > > > <martin.blumenstingl at googlemail.com>; Sascha Hauer
> > > > > > > > <s.hauer at pengutronix.de>; Cixi Geng
> > > > > > > > <cixi.geng1 at unisoc.com>;
> > > > > > > > Kevin
> > > > > > > > Hilman <khilman at baylibre.com>; Vladimir Zapolskiy
> > > > > > > > <vz at mleia.com>;
> > > > > > > > Pengutronix Kernel Team <kernel at pengutronix.de>;
> > > > > > > > Alexandru
> > > > > > Ardelean
> > > > > > > > <aardelean at deviqon.com>; Fabio Estevam
> > > > > > > > <festevam at gmail.com>;
> > > > > > Andriy
> > > > > > > > Tryshnivskyy <andriy.tryshnivskyy at opensynergy.com>;
> > > > > > > > Haibo
> > > > > > > > Chen
> > > > > > > > <haibo.chen at nxp.com>; Shawn Guo <shawnguo at kernel.org>;
> > > > > > > > Hans
> > > > > > > > de
> > > > > > > > Goede <hdegoede at redhat.com>; Jerome Brunet
> > > > > > <jbrunet at baylibre.com>;
> > > > > > > > Heiko Stuebner <heiko at sntech.de>; Florian Boor
> > > > > > > > <florian.boor at kernelconcepts.de>; Regus, Ciprian
> > > > > > > > <Ciprian.Regus at analog.com>; Lars-Peter Clausen
> > > > > > > > <lars at metafoo.de>;
> > > > > > Andy
> > > > > > > > Shevchenko <andy.shevchenko at gmail.com>; Jonathan
> > > > > > > > Cameron
> > > > > > > > <jic23 at kernel.org>; Neil Armstrong
> > > > > > > > <narmstrong at baylibre.com>;
> > > > > > > > Baolin
> > > > > > > > Wang <baolin.wang at linux.alibaba.com>; Jyoti Bhayana
> > > > > > > > <jbhayana at google.com>; Chen-Yu Tsai <wens at csie.org>;
> > > > > > > > Orson
> > > > > > > > Zhai
> > > > > > > > <orsonzhai at gmail.com>
> > > > > > > > Subject: Re: [PATCH 13/15] iio: health: max30100: do
> > > > > > > > not use
> > > > > > > > internal
> > > > > > iio_dev
> > > > > > > > lock
> > > > > > > >
> > > > > > > > [External]
> > > > > > > >
> > > > > > > > Hi Nuno,
> > > > > > > >
> > > > > > >
> > > > > > > Hi Miquel,
> > > > > > >
> > > > > > > Thanks for reviewing...
> > > > > > >
> > > > > > > > nuno.sa at analog.com wrote on Tue, 20 Sep 2022 13:28:19
> > > > > > > > +0200:
> > > > > > > >
> > > > > > > > > The pattern used in this device does not quite fit in
> > > > > > > > > the
> > > > > > > > > iio_device_claim_direct_mode() typical usage. In this
> > > > > > > > > case,
> > > > > > > > > iio_buffer_enabled() was being used not to prevent
> > > > > > > > > the raw
> > > > > > > > > access but
> > > > > > to
> > > > > > > > > allow it. Hence to get rid of the 'mlock' we need to:
> > > > > > > > >
> > > > > > > > > 1. Use iio_device_claim_direct_mode() to check if
> > > > > > > > > direct
> > > > > > > > > mode can be
> > > > > > > > > claimed and if we can return -EINVAL (as the original
> > > > > > > > > code);
> > > > > > > > >
> > > > > > > > > 2. Make sure that buffering is not disabled while
> > > > > > > > > doing a
> > > > > > > > > raw read. For
> > > > > > > > > that, we can make use of the local lock that already
> > > > > > > > > exists.
> > > > > > > > >
> > > > > > > > > While at it, fixed a minor coding style complain...
> > > > > > > > >
> > > > > > > > > Signed-off-by: Nuno Sá <nuno.sa at analog.com>
> > > > > > > > > ---
> > > > > > > > > drivers/iio/health/max30100.c | 24
> > > > > > > > > +++++++++++++++++------
> > > > > > > > > -
> > > > > > > > > 1 file changed, 17 insertions(+), 7 deletions(-)
> > > > > > > > >
> > > > > > > > > diff --git a/drivers/iio/health/max30100.c
> > > > > > b/drivers/iio/health/max30100.c
> > > > > > > > > index ad5717965223..aa494cad5df0 100644
> > > > > > > > > --- a/drivers/iio/health/max30100.c
> > > > > > > > > +++ b/drivers/iio/health/max30100.c
> > > > > > > > > @@ -185,8 +185,19 @@ static int
> > > > > > > > > max30100_buffer_postenable(struct
> > > > > > > > iio_dev *indio_dev)
> > > > > > > > > static int max30100_buffer_predisable(struct iio_dev
> > > > > > > > > *indio_dev)
> > > > > > > > > {
> > > > > > > > > struct max30100_data *data =
> > > > > > > > > iio_priv(indio_dev);
> > > > > > > > > + int ret;
> > > > > > > > > +
> > > > > > > > > + /*
> > > > > > > > > + * As stated in the comment in the read_raw()
> > > > > > > > > function, temperature
> > > > > > > > > + * can only be acquired if the engine is
> > > > > > > > > running.
> > > > > > > > > As such the mutex
> > > > > > > > > + * is used to make sure we do not power down
> > > > > > > > > while
> > > > > > > > > doing a
> > > > > > > > temperature
> > > > > > > > > + * reading.
> > > > > > > > > + */
> > > > > > > > > + mutex_lock(&data->lock);
> > > > > > > > > + ret = max30100_set_powermode(data, false);
> > > > > > > > > + mutex_unlock(&data->lock);
> > > > > > > > >
> > > > > > > > > - return max30100_set_powermode(data, false);
> > > > > > > > > + return ret;
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > static const struct iio_buffer_setup_ops
> > > > > > > > > max30100_buffer_setup_ops
> > > > > > = {
> > > > > > > > > @@ -387,18 +398,17 @@ static int
> > > > > > > > > max30100_read_raw(struct
> > > > > > > > > iio_dev
> > > > > > > > *indio_dev,
> > > > > > > > > * Temperature reading can only be
> > > > > > > > > acquired
> > > > > > > > > while engine
> > > > > > > > > * is running
> > > > > > > > > */
> > > > > > > > > - mutex_lock(&indio_dev->mlock);
> > > > > > > > > -
> > > > > > > > > - if (!iio_buffer_enabled(indio_dev))
> > > > > > > > > + if
> > > > > > > > > (!iio_device_claim_direct_mode(indio_dev)) {
> > > > > > > >
> > > > > > > > I wonder if this line change here is really needed. I
> > > > > > > > agree
> > > > > > > > the whole
> > > > > > > > construction looks like what
> > > > > > > > iio_device_claim_direct_mode()
> > > > > > > > does but in
> > > > > > > > practice I don't see the point of acquiring any lock
> > > > > > > > here if
> > > > > > > > we just
> > > > > > > > release it no matter what happens right after.
> > > > > > > >
> > > > > > >
> > > > > > > I can see that this is odd (at the very least) but AFAIK,
> > > > > > > this
> > > > > > > is the only way
> > > > > > > to safely infer if buffering is enabled or not.
> > > > > > > iio_buffer_enabled() has no
> > > > > > > protection against someone concurrently
> > > > > > > enabling/disabling the
> > > > > > > buffer.
> > > > > >
> > > > > > Yes, but this is only relevant if you want to infer that
> > > > > > the
> > > > > > "buffers
> > > > > > are enabled" and be sure that it cannot be otherwise during
> > > > > > the
> > > > > > next
> > > > > > lines until you release the lock. Acquiring a lock, doing
> > > > > > the if
> > > > > > and
> > > > > > then unconditionally releasing the lock, IMHO, does not
> > > > > > make any
> > > > > > sense
> > > > > > (but I'm not a locking guru) because when you enter the
> > > > > > else
> > > > > > clause,
> > > > > > you are not protected anyway, so in both cases all this is
> > > > > > completely
> > > > > > racy.
> > > > > >
> > > > >
> > > > > Ahh crap, yes you are right... It is still racy since we can
> > > > > still
> > > > > try to read
> > > > > the temperature with the device powered off. I'm not really
> > > > > sure
> > > > > how to
> > > > > address this. One way could be to just use an internal
> > > > > control
> > > > > variable
> > > > > to reflect the device power state (set/clear on the buffer
> > > > > callbacks) and
> > > > > only use the local lock (completely ditching the call to
> > > > > iio_device_claim_direct_mode())...
> > > >
> > > > I tend to prefer this option than the one below.
> > > >
> > > > I guess your implementation already prevents
> > > > buffer_predisable() to
> > > > run
> > > > thanks to the local lock being held during the operation. Maybe
> > > > we
> > > > should just verify that buffers are enabled from within the
> > > > local
> > > > lock
> > > > being held instead of just acquiring it for the get_temp()
> > > > measure.
> > > > It
> > > > would probably solve the situation here.
> > > > >
> > > Not sure if I understood... You mean something like:
> > >
> > > mutex_lock(&data->lock);
> > > if (!iio_buffer_enabled(indio_dev)) {
> > > ret = -EINVAL;
> > > } else {
> > > ret = max30100_get_temp(data, val);
> > > if (!ret)
> > > ret = IIO_VAL_INT;
> > >
> > > }
> > > mutex_unlock(&data->lock);
> > >
> > > If so, I think this is still racy since we release the lock after
> > > the
> > > predisable which means we could still detect the buffers as
> > > enabled (in
> > > the above block) and try to get_temp on a powered down device.
> >
> > True.
> >
> > >
> > > Since we pretty much only care about the power state of the
> > > device (and
> > > we are using the buffering state to infer that AFAIU), I was
> > > thinking
> > > in something like:
> > >
> > >
> > > mutex_lock(&data->lock);
> > > if (!data->powered) {
> > > ret = -EINVAL;
> > > } else {
> > > ret = max30100_get_temp(data, val);
> > > if (!ret)
> > > ret = IIO_VAL_INT;
> > >
> > > }
> > > mutex_unlock(&data->lock);
> >
> > LGTM.
>
> A reference counted power up flag would probably work as we'd want to
> disable
> power only when the reference count goes to 0. Note all checks of
> that flag
> would need to be done under the lock as well.
>
Is there any way to enable a buffer more than once? Otherwise I'm not
sure we really need a refcount... Any ways, your below approach looks
good to me and surely easier.
> As an alternative...
>
> Whilst it is a serious oddity, how about flipping the logic and
> having
> an iio_device_claim_buffered_mode() that takes mlock and holds it
> only
> if we are in buffered mode - then holds it until matching release?
>
This goes along with one of my suggestions:
"A version iio_device_claim_direct_mode() that does not release the
lock in case buffering is enabled."
You just gave it a name (and one that I would not ever remember)...
> Now, I've only done a superficial audit of the buffer removal paths
> to check they hold the lock before we call predisable() but it looks
Otherwise I guess we would have to fix it :)
- Nuno Sá
More information about the Linux-rockchip
mailing list