On Monday 23 May 2005 09:53, Thomas Gleixner wrote:
> On Sun, 2005-05-22 at 10:14 +1200, Charles Manning wrote:
> > YAFFS currently assumes that a power failure will not destroy a write.
> > For the most par that should be an OK assumption since once a flash
> > programming cycle has been set up it should execute in 200uS. THere
> > should be enough residual power in the system to complete that.
>
> Hmm, thats a dangerous assumption. Assume that the WP pin is switched to
> write protect mode by a reset controller which supervises the power
> supply.
Thanx Thomas I had not considered this condition.
The WP directly controls the internal high voltage charge pump that drives
the programming. If WP goes low, the hv will droop and the programming will
not complete reliably.
In most circuits I am familar with, the WP is strapped to Vcc which would
allow in-progress writes to complete.
>
> You have to handle interrupted writes. There is no guarantee for
> "atomic" programming operations. And all hacks you put into the mtd/nand
> layer or YAFFS will not improve the situation. Keep this stuff as simple
> as possible and handle the rare case of interrupted page programming in
> the mount stage.
There are really two things that should be done in YAFFS to improve the
situation:
1) Currently YAFFS uses chunks that fail ECC. It would probably be better to
ignore them (delete them) and consider them to be aborted writes (needs more
thought).
2) If an ECC failure is detected on a block, then the block is retired.
Perhaps instead a block should only be retired if a write fails. This would
be more in tune with Toshiba's recommendations. The argument against this has
been that I'd rather retire blocks earlier (ie before they start to go bad),
but this should be reviewed in the light of recent evidence.
-- CHarles