LKML Archive on
help / color / mirror / Atom feed
From: Jacek Anaszewski <>
To: Greg KH <>
Cc: Pavel Machek <>,
	kernel list <>,,,,,,,,
Subject: Re: Reading /sys with side effects (was Re: [PATCH 1/2] Documentation: leds: Add description of LED Flash class extension)
Date: Mon, 02 Feb 2015 10:07:02 +0100	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <>

On 01/30/2015 05:40 PM, Greg KH wrote:
> On Fri, Jan 30, 2015 at 09:55:30AM +0100, Jacek Anaszewski wrote:
>> Hi Pavel,
>> On 01/29/2015 10:14 PM, Pavel Machek wrote:
>>> Hi!
>>>>>> +	- flash_fault - list of flash faults that may have occurred:
>>>>>> +		* led-over-voltage - flash controller voltage to the flash LED
>>>>>> +			has exceededthe limit specific to the flash controller
>>>>>> +		* flash-timeout-exceeded - the flash strobe was still on when
>>>>>> +			the timeout set by the user has expired; not all flash
>>>>>> +			controllers may set this in all such conditions
>>>>>> +		* controller-over-temperature - the flash controller has
>>>>>> +			overheated
>>>>>> +		* controller-short-circuit - the short circuit protection
>>>>>> +			of the flash controller has been triggered
>>>>>> +		* led-power-supply-over-current - current in the LED power
>>>>>> +			supply has exceeded the limit specific to the flash
>>>>>> +			controller
>>>>>> +		* indicator-led-fault - the flash controller has detected
>>>>>> +			a short or open circuit condition on the indicator LED
>>>>>> +		* led-under-voltage - flash controller voltage to the flash
>>>>>> +			LED has been below the minimum limit specific to
>>>>>> +			the flash
>>>>>> +		* controller-under-voltage - the input voltage of the flash
>>>>>> +			controller is below the limit under which strobing the
>>>>>> +			flash at full current will not be possible. The condition
>>>>>> +			persists until this flag is no longer set
>>>>>> +		* led-over-temperature - the temperature of the LED has exceeded
>>>>>> +			its allowed upper limit
>>>>>> +
>>>>>> +		Flash faults are cleared, if possible, by reading the attribute.
>>>>> That's bad. Now you can no longer present flash_fault file as readable
>>>>> to non-root users, and grep -ri foo /sys will interfere with your
>>>>> camera application.
>>>>> Bad interface, just fix it.
>>>> In my opinion it isn't crucial for the user to be aware of the
>>>> fact that some non-persistent fault happened right after strobing the
>>>> flash (e.g. over temperature).
>>>> I cannot see anything harmful in the situation when someone does grep
>>>> on /sys and clears non-persistent fault on a flash LED device.
>>> So why export the faults at all?
>> Faults may prevent strobing the flash in case of some devices.
>> The example of such a device is ADP1663 (drivers/media/i2c/adp1653.c).
>> This driver reads the faults before strobing the flash and if a
>> fault preventing strobing has occurred it returns -EBUSY.
>> If this driver was made a LED Flash class driver, then it would
>> expose flash_faults attribute. The driver would probably need
>> redesigning - checking the faults before strobing would have to be
>> avoided and it should be left to the userspace.
> That's fine, but Pavel's point is that you shouldn't "clear a fault" by
> reading a sysfs file as you don't control who reads all sysfs files
> (hint, libudev might cache all attributes when they are found / change,
> which could prevent anyone else from seeing that fault.)
> So please fix this, make a write to clear a fault or some other such
> explicit action, not a simple read.  That's not an acceptable api.

I am aware what Pavel'a point was, I just presented the arguments
justifying existence of the flash_faults attribute at all.

In my opinion flash_faults attribute should report the current state of
the device. For the devices which clear the faults on I2C readout the
faults read would have to be cached in the driver, until they are
explicitly cleared, to keep the sysfs interface consistent.

Nonetheless, there can be also devices which don't require clearing the
faults - they are reported only when the actual condition occurs,
e.g. over temperature or under voltage. When the related value gets
back to the acceptable level the fault is no longer reported by the

In this case some faults will remain unnoticed by the user space. This
is the argument in favour of my statement that caching the faults does
not make a sense and is not crucial. The user's vital interest is to
know whether the flash LED is operational right before strobing.

Since we cannot guarantee reporting all the faults that occurred for
all possible flash LED devices, the only sensible solution is to report
only the currently valid fault.

Best Regards,
Jacek Anaszewski

  reply	other threads:[~2015-02-02  9:07 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <>
2015-01-27 22:37 ` Pavel Machek
2015-01-28  8:43   ` Jacek Anaszewski
2015-01-29 21:14     ` Pavel Machek
2015-01-30  8:55       ` Jacek Anaszewski
2015-01-30 16:40         ` Greg KH
2015-02-02  9:07           ` Jacek Anaszewski [this message]
2015-02-02  9:44             ` Pavel Machek
2015-02-02 11:55               ` Jacek Anaszewski
2015-02-02 13:51                 ` Pavel Machek
2015-02-02 14:51                   ` Jacek Anaszewski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \ \
    --subject='Re: Reading /sys with side effects (was Re: [PATCH 1/2] Documentation: leds: Add description of LED Flash class extension)' \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).