| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Nov 2023 12:22:12 +0100
From: Oleksij Rempel <o.rempel@...gutronix.de>
To: Ulf Hansson <ulf.hansson@...aro.org>,
Mark Brown <broonie@...nel.org>
Cc: Yang Yingliang <yangyingliang@...wei.com>,
linux-mmc@...r.kernel.org, kernel@...gutronix.de,
Ye Bin <yebin10@...wei.com>,
Heiner Kallweit <hkallweit1@...il.com>,
Matti Vaittinen <matti.vaittinen@...rohmeurope.com>,
Liam Girdwood <lgirdwood@...il.com>,
Conor Dooley <conor+dt@...nel.org>,
linux-kernel@...r.kernel.org, devicetree@...r.kernel.org,
Naresh Solanki <naresh.solanki@...ements.com>,
zev@...ilderbeest.net, Sebastian Reichel <sre@...nel.org>,
linux-pm@...r.kernel.org,
Søren Andersen <san@...v.dk>
Subject: Re: mmc: handling of Under-Voltage Events in eMMC
Hi Ulf, Hi Mark,
On Tue, Oct 10, 2023 at 04:48:24PM +0200, Ulf Hansson wrote:
> On Fri, 29 Sept 2023 at 15:00, Oleksij Rempel <o.rempel@...gutronix.de> wrote:
> >
> > Hi,
> >
> > I'm working on a project aiming to protect eMMC during power loss. Our
> > hardware setup includes an under-voltage detector, circuits to disable
> > non-critical components, and enough capacitance to allow the CPU to run
> > for 100ms.
> >
> > I've added an interrupt handler to the fixed regulator to emit
> > REGULATOR_EVENT_UNDER_VOLTAGE events, and modified
> > drivers/mmc/host/sdhci.c to receive these events. Currently, the handler
> > only produces debug output.
> >
> > What is the recommended approach for handling under-voltage situations?
> > Should the driver finish ongoing write commands, block new ones, and
> > shut down the eMMC? I'm looking for direction here.
>
> That's indeed a very good question. From a general point of view, I
> think the best we can do is to stop any new I/O requests from being
> managed - and try to complete only the last ongoing one, if any.
> Exactly how to do that can be a bit tricky though.
>
> Beyond that, we should probably try to send the eMMC specific commands
> that allow us to inform the eMMC that it's about to be powered-off.
> Although, I am not sure that we actually will be able to complete
> these operations within 100ms, so maybe it's not really worth trying?
> See mmc_poweroff_notify(), for example.
Some puzzle parts are now mainline, for example regulator framework
can be configured to detect under-voltage events and execute
hw_protection_shutdown(). So far it worked good enough to complete
mmc_poweroff_notify() withing 100ms window. The problem is, the chance to
execute mmc_poweroff_notify() depends on kernel configuration. If there are too
many drivers and devices, mmc_poweroff_notify() will be not executed in time.
For now, I workaround it by registering a reboot notifier for mmc shutdown.
It works, because kernel_power_off() is executing all registered reboot
notifiers at first place and there are no other slow reboot notifiers.
But, it seems to be not reliable enough. Probably notifier prioritization
is needed to make it more predictable.
So far, I have two variants to implement it in more predictable way:
variant 1 - forward the under-voltage notification to the mmc framework and
execute mmc_poweroff_notify() or bus shutdown.
variant 2 - use reboot notifier and introduce reboot notifier prioritization.
Are there other options? What are your preferences?
Regards,
Oleksij
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists