NetBSD Problem Report #57576

From www@netbsd.org  Wed Aug  9 07:33:53 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 645B01A9238
	for <gnats-bugs@gnats.NetBSD.org>; Wed,  9 Aug 2023 07:33:53 +0000 (UTC)
Message-Id: <20230809073352.124601A923A@mollari.NetBSD.org>
Date: Wed,  9 Aug 2023 07:33:52 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: pmf(9) suspend/resume semantic guarantees are incoherent
X-Send-Pr-Version: www-1.0

>Number:         57576
>Category:       kern
>Synopsis:       pmf(9) suspend/resume semantic guarantees are incoherent
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 09 07:35:00 +0000 2023
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The NetBSD Foundation (failed).
>Environment:
>Description:
1. If a suspend function fails, will the resume function be called on system resume?
2. If a suspend function fails, will the resume function ever be called before the next call to the suspend function?
3. If a suspend function fails, will it be called again on the next attempt to suspend the system?
4. If a resume function fails, will the suspend function be called on the next attempt to suspend the system?
5. If a resume function fails, will it ever be called again?

These are essential parts of the API contract and need to be clearly spelled out so drivers can handle all the cases they need to handle.

It's not clear that it's even useful for suspend functions to be able to fail.  When suspend is requested, it is absolutely critical for the system to be put in a low-power state, even if that state is just powered off in the event of a bug -- the physical hardware is likely to be put in a backpack or somewhere with inadequate heat dissipation, so failure to enter a low-power state can cause damage to the physical hardware itself.
>How-To-Repeat:
code inspection
>Fix:
1. Decide answers to questions.
2. Document them in pmf(9).
3. Audit all drivers for reliance on the answers.
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2023 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.