Quoting Guenter Roeck (2023-08-17 15:55:32)
Some userspace applications use timerfd_create() to request wakeups after
a long period of time. For example, a backup application may request a
wakeup once per week. This is perfectly fine as long as the system does
not try to suspend. However, if the system tries to suspend and the
system's RTC does not support the required alarm timeout, the suspend
operation will fail with an error such as
rtc_cmos 00:01: Alarms can be up to one day in the future
PM: dpm_run_callback(): platform_pm_suspend+0x0/0x4a returns -22
alarmtimer alarmtimer.4.auto: platform_pm_suspend+0x0/0x4a returned -22 after 117 usecs
PM: Device alarmtimer.4.auto failed to suspend: error -22
This results in a refusal to suspend the system, causing substantial
battery drain on affected systems.
To fix the problem, use the maximum alarm time offset as reported by rtc
drivers to set the maximum alarm time. While this will result in brief
spurious wakeups from suspend, it is still much better than not suspending
at all.
Cc: Brian Norris <briannorris@xxxxxxxxxxxx>
Signed-off-by: Guenter Roeck <linux@xxxxxxxxxxxx>
---
v2: Rename range_max_offset -> alarm_offset_max
kernel/time/alarmtimer.c | 13 +++++++++++++
diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
index 8d9f13d847f0..895e3a6d6444 100644
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
@@ -290,6 +290,19 @@ static int alarmtimer_suspend(struct device *dev)
rtc_timer_cancel(rtc, &rtctimer);
rtc_read_time(rtc, &tm);
now = rtc_tm_to_ktime(tm);
+
+ /*
+ * If the RTC alarm timer only supports a limited time offset, set
+ * the alarm time to the maximum supported value.
+ * The system will wake up earlier than necessary and is expected
+ * to go back to sleep if it has nothing to do.
Does this assume that the kernel is configured for autosuspend
(CONFIG_PM_AUTOSLEEP)? Maybe we should only do this when that config is
enabled.
If userspace is the one autosuspending, then I don't know what we do, or
how the kernel knows it is OK. Maybe we need another alarmtimer clock id
that will fail creation if the wakeup time is larger than what the rtc
can be programmed for? Or maybe that new clock id can have this fixed
behavior to wakeup early with the assumption that userspace will go back
to sleep, and outdated userspace can use the original alarmtimer clock
id if they don't care about suspend failing?
I see another problem too. What do we do if an alarmtimer is created,
the rtc device is unregistered, and then we enter suspend? It looks like
alarmtimer_suspend() bails out early with no error, so suspend
continues. That looks wrong. Presumably we should fail suspend entirely
at that point because we'll never be able to wakeup to run the
alarmtimer.