Re: [PATCH 1/2] gpio: omap: return error if requested debounce time is not possible

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 17 Mar 2017 13:54:28 -0500
Grygorii Strashko <grygorii.strashko@xxxxxx> wrote:

> On 03/17/2017 12:54 PM, David Rivshin wrote:
> > Hi Grygorii,
> > 
> > On Fri, 17 Mar 2017 11:45:56 -0500
> > Grygorii Strashko <grygorii.strashko@xxxxxx> wrote:
> >   
> >> On 03/16/2017 07:57 PM, David Rivshin wrote:  
> >>> From: David Rivshin <DRivshin@xxxxxxxxxxx>
> >>>
> >>> omap_gpio_debounce() does not validate that the requested debounce
> >>> is within a range it can handle. Instead it lets the register value
> >>> wrap silently, and always returns success.
> >>>
> >>> This can lead to all sorts of unexpected behavior, such as gpio_keys
> >>> asking for a too-long debounce, but getting a very short debounce in
> >>> practice.
> >>>
> >>> Fix this by returning -EINVAL if the requested value does not fit into
> >>> the register field. If there is no debounce clock available at all,
> >>> return -ENOTSUPP.    
> >>
> >> In general this patch looks good, but there is one thing I'm worry about..
> >>  
> >>>
> >>> Fixes: e85ec6c3047b ("gpio: omap: fix omap2_set_gpio_debounce")
> >>> Cc: <stable@xxxxxxxxxxxxxxx> # 4.3+
> >>> Signed-off-by: David Rivshin <drivshin@xxxxxxxxxxx>
> >>> ---
> >>>  drivers/gpio/gpio-omap.c | 16 +++++++++++-----
> >>>  1 file changed, 11 insertions(+), 5 deletions(-)
> >>>
> >>> diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
> >>> index efc85a2..33ec02d 100644
> >>> --- a/drivers/gpio/gpio-omap.c
> >>> +++ b/drivers/gpio/gpio-omap.c
> >>> @@ -208,8 +208,10 @@ static inline void omap_gpio_dbck_disable(struct gpio_bank *bank)
> >>>   * OMAP's debounce time is in 31us steps
> >>>   *   <debounce time> = (GPIO_DEBOUNCINGTIME[7:0].DEBOUNCETIME + 1) x 31
> >>>   * so we need to convert and round up to the closest unit.
> >>> + *
> >>> + * Return: 0 on success, negative error otherwise.
> >>>   */
> >>> -static void omap2_set_gpio_debounce(struct gpio_bank *bank, unsigned offset,
> >>> +static int omap2_set_gpio_debounce(struct gpio_bank *bank, unsigned offset,
> >>>  				    unsigned debounce)
> >>>  {
> >>>  	void __iomem		*reg;
> >>> @@ -218,11 +220,12 @@ static void omap2_set_gpio_debounce(struct gpio_bank *bank, unsigned offset,
> >>>  	bool			enable = !!debounce;
> >>>  
> >>>  	if (!bank->dbck_flag)
> >>> -		return;
> >>> +		return -ENOTSUPP;
> >>>  
> >>>  	if (enable) {
> >>>  		debounce = DIV_ROUND_UP(debounce, 31) - 1;
> >>> -		debounce &= OMAP4_GPIO_DEBOUNCINGTIME_MASK;
> >>> +		if ((debounce & OMAP4_GPIO_DEBOUNCINGTIME_MASK) != debounce)
> >>> +			return -EINVAL;    
> >>
> >> This might cause boot issues as current drivers may expect this op to succeed even if
> >> configured value is wrong - just think, may be we can do warn here and use max value as
> >> fallback?  
> > 
> > I have not looked through all drivers to be sure, but at least the gpio-keys 
> > driver requires set_debounce to return an error if it can't satisfy the request. 
> > In that case gpio-keys will use a software timer instead. 
> > 
> >                 if (button->debounce_interval) {
> >                         error = gpiod_set_debounce(bdata->gpiod,
> >                                         button->debounce_interval * 1000);
> >                         /* use timer if gpiolib doesn't provide debounce */
> >                         if (error < 0)
> >                                 bdata->software_debounce =
> >                                                 button->debounce_interval;
> >                 }
> > 
> > Also, at least some other GPIO drivers (e.g. gpio-max7760) return -EINVAL in 
> > such a case. And gpiolib will return -ENOTSUPP if there is no debounce 
> > callback at all. So I expect all drivers which use gpiod_set_debounce() to 
> > handle error returns gracefully. 
> > 
> > So I certainly understand the concern about backwards compatibility, but I 
> > think clipping to max is the greater of the evils in this case. Even a 
> > warning may be too much, because it's not necessarily anything wrong. 
> > Perhaps an info or debug message would be helpful, though?
> > 
> > If you prefer, I can try to go through all callers of gpiod_set_debounce()
> > and see how they'd handle an error return. The handful I've looked through so 
> > far all behave like gpio-keys. The only ones I'd be particularly concerned
> > about are platform-specific drivers which were perhaps never used with other
> > gpio drivers. Do you know of that I should pay special attention to?  
> 
> Yeh agree. But the problem here will be not only with drivers itself - it can be wrong data in DT :(
> As result, even  gpio-keys driver will just silently switch to software_debounce
> without any notification.

I think that switching to software_debounce silently is exactly the 
intended/desired behavior of gpio-keys (and other drivers). For example, 
if the DT requests a 20ms debounce on a gpio-key, the existing math
resulted in a hardware debounce of just 2ms. With the error return,
gpio-keys would silently switch to software_debounce of the requested
20ms (potentially longer if the CPU is busy, but I don't think that's
a problem for correctness), exactly what the DT asked for.

Of course that would be a change in behavior for any such existing DT,
and it's conceivable that the DT for some HW is somehow relying on that 
previous incorrect behavior. I suspect it's more likely that they are
silently broken, and no-one has noticed. A quick search of some in-tree
DTs finds most debounce times are 5ms (which has no issue), and then
these three examples (all happen to be gpio-keys):
  am335x-shc.dts:                 debounce-interval = <1000>;
  am335x-shc.dts:                 debounce-interval = <1000>;
  omap5-uevm.dts:                 debounce_interval = <50>;
The first two currently result in a HW debounce of about 4ms. The
third would be 2.5ms, except it's the wrong property name so it
does nothing (it gets the default gpio-keys debounce of 5ms).

Not having seen any of that hardware, I can't say for certain what the 
true HW requirements are. 1000ms does seem like a long debounce, perhaps 
the author meant 1ms (1000us) for those buttons? Or perhaps it really 
needs a 1000ms debounce, and is currently wrong?

> 
> But agree - max might not be a good choose, so can you add dev_err() below, pls. 

Given the above, I personally feel that a dev_err() is undesirable in most
cases. If I have a system and matching DT that just happens to need a longer
debounce than the GPIO HW is capable of, gpio-keys (etc) does the best it can automatically. I don't consider that there is any error in that case, or
anything to be fixed.
I can understanding wanting to draw attention to a change in behavior (just 
in case the DT is incorrect), but I'd personally lean towards dev_info() if 
anything. 

That said: if you still prefer dev_err(), I will certainly do so.


Tangent: 
This discussion makes me think that adding a gpiod_get_max_debounce() 
would allow even better behavior. Then asking for a too-high debounce 
could be a dev_err() in all gpio drivers, with the expectation that no 
driver should ask for such. Also, drivers could do something like use 
max hardware debounce plus a software debounce for the remaining time, 
in order to avoid CPU overhead on short glitches. 

> >>  
> >>>  	}
> >>>  
> >>>  	l = BIT(offset);
> >>> @@ -255,6 +258,8 @@ static void omap2_set_gpio_debounce(struct gpio_bank *bank, unsigned offset,
> >>>  		bank->context.debounce = debounce;
> >>>  		bank->context.debounce_en = val;
> >>>  	}
> >>> +
> >>> +	return 0;
> >>>  }
> >>>  
> >>>  /**
> >>> @@ -964,14 +969,15 @@ static int omap_gpio_debounce(struct gpio_chip *chip, unsigned offset,
> >>>  {
> >>>  	struct gpio_bank *bank;
> >>>  	unsigned long flags;
> >>> +	int ret;
> >>>  
> >>>  	bank = gpiochip_get_data(chip);
> >>>  
> >>>  	raw_spin_lock_irqsave(&bank->lock, flags);
> >>> -	omap2_set_gpio_debounce(bank, offset, debounce);
> >>> +	ret = omap2_set_gpio_debounce(bank, offset, debounce);
> >>>  	raw_spin_unlock_irqrestore(&bank->lock, flags);  
> 
> if (ret) dev_err();
> 
> >>>  
> >>> -	return 0;
> >>> +	return ret;
> >>>  }
> >>>  
> >>>  static int omap_gpio_set_config(struct gpio_chip *chip, unsigned offset,
> >>>     
> >>  
> > 
> >   
> 




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]