Handling power failure - MPC5200

Handling power failure - MPC5200

[Jón Benediktsson]

[-- Attachment #1: Type: text/plain, Size: 886 bytes --]

Hi

I am running Linux 2.4.25, based on linux_2_4_devel from Denx, on a custom 
MPC5200 board.
The boad has a TPS3705 chip for reset and watchdog.  The chip also 
provides a powerfail interrupt
when the supply voltage goes below a certain level, which is connected to 
IRQ0 on the MPC5200.

Capacitors on the supply provide me with some milliseconds to repond to 
power failure, which I would
like to use to do as much cleanup as possible before power is totally 
gone.  In particular, I am concerned
with trying to prevent damage to filesystems.  The board has Compact Flash 
and onboard flash which
are used as filesystems.  The board will be used as an industrial 
controller.

Can anyone point me to examples of how this can be handled ?
Can anyone share experience of a similar setup, which filesystems to 
select etc ?

Regards,
Jón Benediktsson
Marel hf

[-- Attachment #2: Type: text/html, Size: 1467 bytes --]

Re: Handling power failure - MPC5200

[Wolfgang Denk]

In message <OF368071C2.FBC6B7BC-ON00256F42.003F3DF3-00256F42.0044E8BB@marel.is> you wrote:
> 
> Capacitors on the supply provide me with some milliseconds to repond to 
> power failure, which I would
> like to use to do as much cleanup as possible before power is totally 
> gone.  In particular, I am concerned

How many is "some"? If it's not >100 or so it is probably  not  worht
the effort...

> with trying to prevent damage to filesystems.  The board has Compact Flash
> and onboard flash which
> are used as filesystems.  The board will be used as an industrial 
> controller.
> 
> Can anyone point me to examples of how this can be handled ?

Use the standard methods: use the CF card read-only  (many  CF  cards
can  be  damaged  [beyond  repair]  when  you power off while a write
operation is in progress). Use a filesystem  on  the  ob-board  flash
which knows how to handle a loss of power (i. e., use JFFS2).

> Can anyone share experience of a similar setup, which filesystems to 
> select etc ?

We usually use ext2 read-only on the CF, JFFS2 for the writable parts
on the on-board flash, cramfs for all  parts  that  need  not  to  be
written  on  a  regular  base (most of your root filesystem including
application  code,  libraries  etc.),  and  a  FiST   based   overlay
filesystem in case of software patches need to be added.

Best regards,

Wolfgang Denk

-- 
See us @ Embedded/Electronica Munich, Nov 09 - 12, Hall A.6 Booth 513
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
You don't have to stay up nights to succeed; you have to  stay  awake
days.

Re: Handling power failure - MPC5200

[Jón Benediktsson]

> In message <OF368071C2.FBC6B7BC-ON00256F42.003F3DF3-00256F42.
> 0044E8BB@marel.is> you wrote:
> >=20
> > Capacitors on the supply provide me with some milliseconds to repond=20
to=20
> > power failure, which I would
> > like to use to do as much cleanup as possible before power is totally=20
> > gone.  In particular, I am concerned
>=20
> How many is "some"? If it's not >100 or so it is probably  not  worht
> the effort...

With the current design "some" is <50, but we can change the design if
we find it necessary.
=20
>=20
> Use the standard methods: use the CF card read-only  (many  CF  cards
> can  be  damaged  [beyond  repair]  when  you power off while a write
> operation is in progress).

Is this an acknowledged fact by CF manufacturers or based on experiece ?

Thank you very much for your input.

Regards,
J=F3n Benediktsson
Marel hf.

Re: Handling power failure - MPC5200

[Wolfgang Denk]

In message <OF5D3B44B5.3530BFCD-ON00256F43.0035B584-00256F43.004E2C6C@marel.is> you wrote:
>
> > Use the standard methods: use the CF card read-only  (many  CF  cards
> > can  be  damaged  [beyond  repair]  when  you power off while a write
> > operation is in progress).
> 
> Is this an acknowledged fact by CF manufacturers or based on experiece ?

You mean acknowledged officially in writing on letterhead paper?  No.
Inofficially: yes.

Also many people have confirmed this behaviour, at least on the cheap
"standard" (versus "industrial grade") CF cards.

I recommend to specifically ask your CF card vendor / distributor for
a confirmation and guarantee (in writing) that it is safe to turn off
power while writing to the device. Guess what you will get?

Best regards,

Wolfgang Denk

-- 
See us @ Embedded/Electronica Munich, Nov 09 - 12, Hall A.6 Booth 513
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
"The whole world is about three drinks behind."     - Humphrey Bogart

RE: Handling power failure - MPC5200

[VanBaren, Gerald (AGRE)]

> -----Original Message-----
> From: linuxppc-embedded-bounces@ozlabs.org=0D
> [mailto:linuxppc-embedded-bounces@ozlabs.org] On Behalf Of=0D
> J=F3n Benediktsson
> Sent: Friday, November 05, 2004 9:14 AM
> To: Wolfgang Denk
> Cc: linuxppc-embedded@ozlabs.org
> Subject: Re: Handling power failure - MPC5200
>=0D
> > In message <OF368071C2.FBC6B7BC-ON00256F42.003F3DF3-00256F42.
> > 0044E8BB@marel.is> you wrote:
> > >=0D
> > > Capacitors on the supply provide me with some=0D
> milliseconds to repond
> to=0D
> > > power failure, which I would
> > > like to use to do as much cleanup as possible before power is=0D
> > > totally gone.  In particular, I am concerned
> >=0D
> > How many is "some"? If it's not >100 or so it is probably =0D
> not  worht=0D
> > the effort...
>=0D
> With the current design "some" is <50, but we can change the=0D
> design if we find it necessary.
> =0D
> >=0D
> > Use the standard methods: use the CF card read-only  (many =0D
> CF  cards=0D
> > can  be  damaged  [beyond  repair]  when  you power off=0D
> while a write=0D
> > operation is in progress).
>=0D
> Is this an acknowledged fact by CF manufacturers or based on=0D
> experiece ?
>=0D
> Thank you very much for your input.
>=0D
> Regards,
> J=F3n Benediktsson
> Marel hf.

Hi J=F3n,

Read the CF card detailed specifications carefully (and if it ain't in=
 writing, it ain't real).

What I've seen is marketing bullet points saying the cards can survive a=
 power loss event with no loss of data, but when I read the detailed CF=
 specification, the disclaimer was that power had to be held up for X mSec=
 (I forgot what X was, 2mSec or 10mSec most likely) after the last write=
 operation.  The marketing bullet point was exactly that: marketing.  The=
 real requirement levied on the user (you) was that you had to have X mSec=
 power hold up after the last write operation (i.e. a X mSec power fail=
 warning with no write operations after the PF warning).  The hold-up=
 requirement gave the CF internals enough time to complete a flash write=
 cycle.

gvb

******************************************
The following messages are brought to you by the Lawyers' League of=
 IdioSpeak:

******************************************
The information contained in, or attached to, this e-mail, may contain=
 confidential information and is intended solely for the use of the=
 individual or entity to whom they are addressed and may be subject to=
 legal privilege.  If you have received this e-mail in error you should=
 notify the sender immediately by reply e-mail, delete the message from=
 your system and notify your system manager.  Please do not copy it for any=
 purpose, or disclose its contents to any other person.  The views or=
 opinions presented in this e-mail are solely those of the author and do=
 not necessarily represent those of the company.  The recipient should=
 check this e-mail and any attachments for the presence of viruses.  The=
 company accepts no liability for any damage caused, directly or=
 indirectly, by any virus transmitted in this email.
******************************************

Re: Handling power failure - MPC5200

[Mark Chambers]

> > > Capacitors on the supply provide me with some
> milliseconds to repond
> to
> > > power failure, which I would
> > > like to use to do as much cleanup as possible before power is
> > > totally gone.  In particular, I am concerned
> >

>What I've seen is marketing bullet points saying the cards can survive a
power loss event with no loss of data, but when I read the >detailed CF
specification, the disclaimer was that power had to be held up for X mSec (I
forgot what X was, 2mSec or 10mSec most >likely) after the last write
operation.  The marketing bullet point was exactly that: marketing.  The
real requirement levied on the user
>(you) was that you had to have X mSec power hold up after the last write
operation (i.e. a X mSec power fail warning with no write >operations after
the PF warning).  The hold-up requirement gave the CF internals enough time
to complete a flash write cycle.

One simple use for the power fail interrupt would be to just turn off
interrupts and loop until power fail.
This would insure that a write or erase operation completed fully.
P.S. Don't forget to cover the situation where power comes back rather than
going all the way down!

Mark Chambers
wvcomputronics.com

Re: Handling power failure - MPC5200

[Wolfgang Denk]

In message <005a01c4c349$7949b8c0$0301a8c0@chuck2> you wrote:
> 
> >What I've seen is marketing bullet points saying the cards can survive a
> >power loss event with no loss of data, but when I read the >detailed CF
> >specification, the disclaimer was that power had to be held up for X mSec (I
> >forgot what X was, 2mSec or 10mSec most likely) after the last write
> >operation.  The marketing bullet point was exactly that: marketing.  The
> >real requirement levied on the user
> >(you) was that you had to have X mSec power hold up after the last write
> >operation (i.e. a X mSec power fail warning with no write >operations after
> >the PF warning).  The hold-up requirement gave the CF internals enough time
> >to complete a flash write cycle.
> 
> One simple use for the power fail interrupt would be to just turn off
> interrupts and loop until power fail.
> This would insure that a write or erase operation completed fully.

Maybe it would - but do you know exactly how long a  write  operation
will  take?  I  haven't  seen  such information in the specs I had so
far...

Best regards,

Wolfgang Denk

-- 
See us @ Embedded/Electronica Munich, Nov 09 - 12, Hall A.6 Booth 513
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
Your own mileage may vary.

Re: Handling power failure - MPC5200

[Mark Chambers]

> >
> > >What I've seen is marketing bullet points saying the cards can survive
a
> > >power loss event with no loss of data, but when I read the >detailed CF
> > >specification, the disclaimer was that power had to be held up for X
mSec (I
> > >forgot what X was, 2mSec or 10mSec most likely) after the last write
> > >operation.  The marketing bullet point was exactly that: marketing.
The
> > >real requirement levied on the user
> > >(you) was that you had to have X mSec power hold up after the last
write
> > >operation (i.e. a X mSec power fail warning with no write >operations
after
> > >the PF warning).  The hold-up requirement gave the CF internals enough
time
> > >to complete a flash write cycle.
> >
> > One simple use for the power fail interrupt would be to just turn off
> > interrupts and loop until power fail.
> > This would insure that a write or erase operation completed fully.
>

> Maybe it would - but do you know exactly how long a  write  operation
> will  take?  I  haven't  seen  such information in the specs I had so
> far...
>
> Best regards,
>
> Wolfgang Denk
>

No, I guess I only know numbers for discrete flash chips.  And
then you've still got the long erase times.

So maybe, are you thinking that a power fail interrupt is a waste of
time?  Just segment the file system as you suggested and trust the
writeable part to jffs2?

Another technique that has fallen out of favor but is still useful in some
applications is battery backed RAM.  It's relatively expensive, but if
you want fast non-volatile memory it can't be beat.

Mark Chambers

Re: Handling power failure - MPC5200

[Wolfgang Denk]

In message <007d01c4c37e$17e8e0d0$0301a8c0@chuck2> you wrote:
>
> So maybe, are you thinking that a power fail interrupt is a waste of
> time?  Just segment the file system as you suggested and trust the
> writeable part to jffs2?

A PF interrupt can be extremely useful - if it leaves you enough time
to do the things you want to  do.  If  all  you  got  is  50  or  100
milliseconfs  then you have little chance to avoid problems with a CF
card that is being written to. In such a case you  must  design  your
system such that it is robust enough even without such cleanup.

> Another technique that has fallen out of favor but is still useful in some
> applications is battery backed RAM.  It's relatively expensive, but if
> you want fast non-volatile memory it can't be beat.

It depends. Sometimes you may have a  battery,  and  the  power  fail
signal  is  just a warning that leaves you enough time for an orderly
shutdown.

Best regards,

Wolfgang Denk

-- 
See us @ Embedded/Electronica Munich, Nov 09 - 12, Hall A.6 Booth 513
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
Humans do claim a great deal for that particular emotion (love).
	-- Spock, "The Lights of Zetar", stardate 5725.6