Re: [Yaffs] YAFFS shutdown

Author: Charles Manning
Date:  
To: yaffs
CC: Wagner Scott (ST-IN/ENG1)
Subject: Re: [Yaffs] YAFFS shutdown
On Thursday 19 October 2006 05:53, Wagner Scott (ST-IN/ENG1) wrote:
> Hi all,
>
> I know that one of the features of YAFFS is its graceful crash /
> unexpected shutdown handling. However, my system (an embedded Linux
> YAFFS implementation) provides a power fail warning interrupt about 250
> mS before the actual power failure. I would like to utilize this time
> to warn YAFFS of impending doom so that it can, for example, refuse
> further write requests from apps or flush any RAM journals to the NAND
> flash, thus (perhaps) making YAFFS even a little more robust.


There are really three parts to the robustness issue:
1) File system level. Can a broken operation cause file system level failure?
This can happen with some file systems that store the file directory
structure etc on the media where a failed/interrupted write could cause much
or all of the file system to get corrupted. YAFFS does not store file system
structure on media and is immune to this problem.
2) File level corruption. YAFFS is prone to two types of corruption at this
level:
a) A partially written operation (e.g. power failure during a write of 1MB of
data) can leave that part of the file in an inconsistent state.
b) Data written into the "short op cache" will be lost. The data in a short op
cache is flushed when the file is flushed/closed or pushed out.

3) Flash-level corruption. Power fail during an actual NAND write/erase causes
that operation to corrupt the flash contents.

>
> Is this idea practical, and is there an interface to the Linux YAFFS (or
> the underlying MTD) which I should use to do this?


At this stage, YAFFS does not have any hooks to do any of these checks at a
system level.
There are, however, two mechanisms that would probably help:
1) Add a check in the mtd layer. Before executing any write/erase command,
check that power is good. Delay the request until power is good. This will
prevent (3) above.
2) Write a system monitoring app/script that closes or flushes files when the
power fail is detected. This would protect you against (2) above.

-- Charles
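
The following is an added example, not code from this post or from YAFFS, sketching mechanism 2 above: a process that refuses new writes and flushes its open files once the power-fail warning arrives. It assumes the warning interrupt is forwarded to user space as SIGPWR; the `pf_*` names are hypothetical, and the temporary file in `main` is a constructed stand-in for an application data file.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

static volatile sig_atomic_t power_failing;  /* set once the warning fires */

/* The handler only sets a flag, which is async-signal-safe. */
static void on_power_fail(int sig) { (void)sig; power_failing = 1; }

/* Assumption: the power-fail interrupt is forwarded to this process as SIGPWR. */
int pf_init(void) {
    struct sigaction sa = { .sa_handler = on_power_fail };
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGPWR, &sa, NULL);
}

/* Writers go through this wrapper; new writes are refused after the warning. */
ssize_t pf_write(int fd, const void *buf, size_t len) {
    if (power_failing) { errno = ECANCELED; return -1; }
    return write(fd, buf, len);
}

/* Flush and close each descriptor; returns how many failed to flush or close. */
int pf_flush_all(const int *fds, int n) {
    int failed = 0;
    for (int i = 0; i < n; i++) {
        int bad = fsync(fds[i]) != 0;        /* push cached data down to the media */
        failed += (close(fds[i]) != 0) || bad;
    }
    return failed;
}

int main(void) {
    FILE *f = tmpfile();                     /* constructed stand-in for a data file */
    int fd = f ? dup(fileno(f)) : -1;
    if (fd < 0 || pf_init() != 0) return 1;
    pf_write(fd, "record\n", 7);
    raise(SIGPWR);                           /* simulate the warning interrupt */
    int refused = pf_write(fd, "late\n", 5) < 0;
    printf("late write refused: %d, flush failures: %d\n", refused, pf_flush_all(&fd, 1));
    return 0;
}
```

The flush runs from normal context rather than from the signal handler, so the whole sequence has to complete inside the warning window the hardware provides.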