From: Christian Loehle <christian.loehle@arm.com>
To: Oleksij Rempel <o.rempel@pengutronix.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Mark Brown" <broonie@kernel.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Ulf Hansson" <ulf.hansson@linaro.org>,
kernel@pengutronix.de, linux-kernel@vger.kernel.org,
linux-mmc@vger.kernel.org, linux-pm@vger.kernel.org,
"Søren Andersen" <san@skov.dk>
Subject: Re: [PATCH v1 0/3] introduce priority-based shutdown support
Date: Mon, 27 Nov 2023 10:13:49 +0000 [thread overview]
Message-ID: <a85b2d7e-4036-4bab-addf-45e0c2f6c335@arm.com> (raw)
In-Reply-To: <20231125085038.GA877872@pengutronix.de>
On 25/11/2023 08:50, Oleksij Rempel wrote:
> On Sat, Nov 25, 2023 at 06:51:55AM +0000, Greg Kroah-Hartman wrote:
>> On Fri, Nov 24, 2023 at 07:57:25PM +0100, Oleksij Rempel wrote:
>>> On Fri, Nov 24, 2023 at 05:26:30PM +0000, Greg Kroah-Hartman wrote:
>>>> On Fri, Nov 24, 2023 at 05:32:34PM +0100, Oleksij Rempel wrote:
>>>>> On Fri, Nov 24, 2023 at 03:56:19PM +0000, Greg Kroah-Hartman wrote:
>>>>>> On Fri, Nov 24, 2023 at 03:49:46PM +0000, Mark Brown wrote:
>>>>>>> On Fri, Nov 24, 2023 at 03:27:48PM +0000, Greg Kroah-Hartman wrote:
>>>>>>>> On Fri, Nov 24, 2023 at 03:21:40PM +0000, Mark Brown wrote:
>>>>>>>
>>>>>>>>> This came out of some discussions about trying to handle emergency power
>>>>>>>>> failure notifications.
>>>>>>>
>>>>>>>> I'm sorry, but I don't know what that means. Are you saying that the
>>>>>>>> kernel is now going to try to provide a hard guarantee that some devices
>>>>>>>> are going to be shut down in X number of seconds when asked? If so, why
>>>>>>>> not do this in userspace?
>>>>>>>
>>>>>>> No, it was initially (or when I initially saw it anyway) handling of
>>>>>>> notifications from regulators that they're in trouble and we have some
>>>>>>> small amount of time to do anything we might want to do about it before
>>>>>>> we expire.
>>>>>>
>>>>>> So we are going to guarantee a "time" in which we are going to do
>>>>>> something? Again, if that's required, why not do it in userspace using
>>>>>> a RT kernel?
>>>>>
>>>>> For the HW in question I have only 100ms time before power loss. By
>>>>> doing it over use space some we will have even less time to react.
>>>>
>>>> Why can't userspace react that fast? Why will the kernel be somehow
>>>> faster? Speed should be the same, just get the "power is cut" signal
>>>> and have userspace flush and unmount the disk before power is gone. Why
>>>> can the kernel do this any differently?
>>>>
>>>>> In fact, this is not a new requirement. It exist on different flavors of
>>>>> automotive Linux for about 10 years. Linux in cars should be able to
>>>>> handle voltage drops for example on ignition and so on. The only new thing is
>>>>> the attempt to mainline it.
>>>>
>>>> But your patch is not guaranteeing anything, it's just doing a "I want
>>>> this done before the other devices are handled", that's it. There is no
>>>> chance that 100ms is going to be a requirement, or that some other
>>>> device type is not going to come along and demand to be ahead of your
>>>> device in the list.
>>>>
>>>> So you are going to have a constant fight among device types over the
>>>> years, and people complaining that the kernel is now somehow going to
>>>> guarantee that a device is shutdown in a set amount of time, which
>>>> again, the kernel can not guarantee here.
>>>>
>>>> This might work as a one-off for a specific hardware platform, which is
>>>> odd, but not anything you really should be adding for anyone else to use
>>>> here as your reasoning for it does not reflect what the code does.
>>>
>>> I see. Good point.
>>>
>>> In my case umount is not needed, there is not enough time to write down
>>> the data. We should send a shutdown command to the eMMC ASAP.
>>
>> If you don't care about the data, why is a shutdown command to the
>> hardware needed? What does that do that makes anything "safe" if your
>> data is lost.
>
> It prevents HW damage. In a typical automotive under-voltage labor it is
> usually possible to reproduce X amount of bricked eMMCs or NANDs on Y
> amount of under-voltage cycles (I do not have exact numbers right now).
> Even if the numbers not so high in the labor tests (sometimes something
> like one bricked device in a month of tests), the field returns are
> significant enough to care about software solution for this problem.
>
> Same problem was seen not only in automotive devices, but also in
> industrial or agricultural. With other words, it is important enough to bring
> some kind of solution mainline.
>
IMO that is a serious problem with the used storage / eMMC in that case and it
is not suitable for industrial/automotive uses?
Any industrial/automotive-suitable storage device should detect under-voltage and
just treat it as a power-down/loss, and while that isn't nice for the storage device,
it really shouldn't be able to brick a device (within <1M cycles anyway).
What does the storage module vendor say about this?
BR,
Christian
next prev parent reply other threads:[~2023-11-27 10:13 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-24 14:53 [PATCH v1 0/3] introduce priority-based shutdown support Oleksij Rempel
2023-11-24 14:53 ` [PATCH v1 1/3] driver core: move core part of device_shutdown() to a separate function Oleksij Rempel
2023-11-24 15:07 ` Greg Kroah-Hartman
2023-11-24 20:04 ` kernel test robot
2023-11-24 14:53 ` [PATCH v1 2/3] driver core: introduce prioritized device shutdown sequence Oleksij Rempel
2023-11-24 15:10 ` Greg Kroah-Hartman
2023-11-24 14:53 ` [PATCH v1 3/3] mmc: core: increase shutdown priority for MMC devices Oleksij Rempel
2023-11-24 15:05 ` [PATCH v1 0/3] introduce priority-based shutdown support Greg Kroah-Hartman
2023-11-24 15:21 ` Mark Brown
2023-11-24 15:27 ` Greg Kroah-Hartman
2023-11-24 15:49 ` Mark Brown
2023-11-24 15:56 ` Greg Kroah-Hartman
2023-11-24 16:32 ` Oleksij Rempel
2023-11-24 17:26 ` Greg Kroah-Hartman
2023-11-24 18:57 ` Oleksij Rempel
2023-11-25 6:51 ` Greg Kroah-Hartman
2023-11-25 8:50 ` Oleksij Rempel
2023-11-25 9:09 ` Greg Kroah-Hartman
2023-11-25 10:30 ` Mark Brown
2023-11-25 14:35 ` Greg Kroah-Hartman
2023-11-25 15:43 ` Mark Brown
2023-11-25 19:58 ` Greg Kroah-Hartman
2023-11-26 10:14 ` Mark Brown
2023-11-26 19:31 ` Oleksij Rempel
2023-11-27 11:27 ` Christian Loehle
2023-11-27 11:44 ` Oleksij Rempel
2023-11-27 11:57 ` Christian Loehle
2023-11-26 19:42 ` Ferry Toth
2023-11-27 14:09 ` Mark Brown
2023-11-27 10:13 ` Christian Loehle [this message]
2023-11-27 11:36 ` Oleksij Rempel
2023-11-30 21:59 ` Francesco Dolcini
2023-11-27 12:54 ` Matti Vaittinen
2023-11-27 13:08 ` Greg Kroah-Hartman
2023-11-27 14:24 ` Mark Brown
2023-11-27 14:49 ` Matti Vaittinen
2023-11-27 16:23 ` Mark Brown
2023-11-30 9:57 ` Ulf Hansson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a85b2d7e-4036-4bab-addf-45e0c2f6c335@arm.com \
--to=christian.loehle@arm.com \
--cc=broonie@kernel.org \
--cc=gregkh@linuxfoundation.org \
--cc=kernel@pengutronix.de \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=o.rempel@pengutronix.de \
--cc=rafael@kernel.org \
--cc=san@skov.dk \
--cc=ulf.hansson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox