From: Brian Norris <computersforpeace@gmail.com>
To: Boris Brezillon <boris.brezillon@bootlin.com>
Cc: devicetree@vger.kernel.org, Richard Weinberger <richard@nod.at>,
Zhiqiang Hou <Zhiqiang.Hou@nxp.com>, NeilBrown <neilb@suse.com>,
Marek Vasut <marek.vasut@gmail.com>,
Rob Herring <robh+dt@kernel.org>,
linux-mtd@lists.infradead.org
Subject: Re: [PATCH] mtd: spi-nor: only apply reset hacks to broken hardware
Date: Tue, 31 Jul 2018 15:35:50 -0700 [thread overview]
Message-ID: <20180731223550.GA60117@ban.mtv.corp.google.com> (raw)
In-Reply-To: <20180731221255.3e65c1fa@bbrezillon>
Hi Neil, Boris,
On Tue, Jul 31, 2018 at 10:12:55PM +0200, Boris Brezillon wrote:
> On Tue, 31 Jul 2018 11:05:11 +1000
> NeilBrown <neilb@suse.com> wrote:
> > On Fri, Jul 27 2018, Boris Brezillon wrote:
> > > On Fri, 27 Jul 2018 11:33:13 -0700
> > > I'll leave Neil some time to review/test/comment on the patch before
> > > queuing it, but it looks good to me.
> >
> > Thanks.
> > I can confirm that if I apply this patch, my system won't reboot
> > properly (as expected), and if I then add
> >
> > broken-flash-reset;
> >
> > to the jedec,spi-nor device, it starts functioning correctly again.
> >
> > I don't like the pejorative "broken", and it also suggests that a thing
> > used to work, but something happened to break it - this is not
> > accurate.
> > I would prefer something like "reset-not-connected" which is an accurate
> > description of the state of the hardware.
One reason I didn't specifically say something like "not connected", is
because IIUC it's actually *possible* to have a robust boot sequence
without the RESET# pin -- e.g., if your boot ROM hardcoded a software
reset command (just because it's not really standardized doesn't mean
one can't do it).
> > I also think that having a WARN_ON is an over-reaction. Certainly a
> > warning could be appropriate, but just one pr_warn() should be enough.
> > The "problem" is unlikely in practice, and loudly warning people that an
> > asteroid might kill them isn't particularly helpful.
> >
> > I genuinely think that if the system fails to reboot, then Linux is at
> > fault. I accept that changing Linux to be completely robust might be
> > more trouble than it is worth, but I don't accept that it is impossible.
Did you read my last response on the original thread? In my
understanding, there's always a way to, e.g., b0rk your exception
handlers, etc., such that you cannot guarantee your software fallbacks
will work. Normally, one would rely on a (hardware) watchdog to do your
last resort reset for you, but if said reset cannot also reset your boot
flash, then...you're stuck.
IOW, it's impossible.
Is that not an accurate description?
> > But I don't intend to fight either of these battles.
>
> Does that mean you're accepting this change? Brian, any comment on what
> Neil said?
>
> To be honest, I hate being in the middle of this discussion without
> having been involved in the first decision to accept such workarounds.
> I keep thinking that making boards that do not have reset properly
> wired less likely to fail rebooting is a wise decision, but I also
> agree with Brian when he says we should inform people that their design
> is unreliable.
> The main problem I see here, is that adding this prop won't help people
> figuring out what is wrong with their design, it will just help them
How else would we help someone figure out what's wrong with their
design? My best attempt is to make it quite obvious, as long as they're
using vanilla mainline: if their system hangs on reboot (without this
property), then it's probably a bad design.
And if instead, someone stuck in this DT property already, the loud
warning might suggest the reader look at the DT binding doc or code
comments, where I elaborated.
> workaround the problem when they find out, and it might already be to
> late to fix the HW design. But maybe it's not what we're trying to do
> here. Maybe we just want to warn users that rebooting such boards is a
> risky procedure.
Brian
______________________________________________________
Linux MTD discussion mailing list
http://lists.infradead.org/mailman/listinfo/linux-mtd/
WARNING: multiple messages have this Message-ID (diff)
From: Brian Norris <computersforpeace@gmail.com>
To: Boris Brezillon <boris.brezillon@bootlin.com>
Cc: NeilBrown <neilb@suse.com>,
devicetree@vger.kernel.org, Richard Weinberger <richard@nod.at>,
Zhiqiang Hou <Zhiqiang.Hou@nxp.com>,
Marek Vasut <marek.vasut@gmail.com>,
Rob Herring <robh+dt@kernel.org>,
linux-mtd@lists.infradead.org
Subject: Re: [PATCH] mtd: spi-nor: only apply reset hacks to broken hardware
Date: Tue, 31 Jul 2018 15:35:50 -0700 [thread overview]
Message-ID: <20180731223550.GA60117@ban.mtv.corp.google.com> (raw)
In-Reply-To: <20180731221255.3e65c1fa@bbrezillon>
Hi Neil, Boris,
On Tue, Jul 31, 2018 at 10:12:55PM +0200, Boris Brezillon wrote:
> On Tue, 31 Jul 2018 11:05:11 +1000
> NeilBrown <neilb@suse.com> wrote:
> > On Fri, Jul 27 2018, Boris Brezillon wrote:
> > > On Fri, 27 Jul 2018 11:33:13 -0700
> > > I'll leave Neil some time to review/test/comment on the patch before
> > > queuing it, but it looks good to me.
> >
> > Thanks.
> > I can confirm that if I apply this patch, my system won't reboot
> > properly (as expected), and if I then add
> >
> > broken-flash-reset;
> >
> > to the jedec,spi-nor device, it starts functioning correctly again.
> >
> > I don't like the pejorative "broken", and it also suggests that a thing
> > used to work, but something happened to break it - this is not
> > accurate.
> > I would prefer something like "reset-not-connected" which is an accurate
> > description of the state of the hardware.
One reason I didn't specifically say something like "not connected", is
because IIUC it's actually *possible* to have a robust boot sequence
without the RESET# pin -- e.g., if your boot ROM hardcoded a software
reset command (just because it's not really standardized doesn't mean
one can't do it).
> > I also think that having a WARN_ON is an over-reaction. Certainly a
> > warning could be appropriate, but just one pr_warn() should be enough.
> > The "problem" is unlikely in practice, and loudly warning people that an
> > asteroid might kill them isn't particularly helpful.
> >
> > I genuinely think that if the system fails to reboot, then Linux is at
> > fault. I accept that changing Linux to be completely robust might be
> > more trouble than it is worth, but I don't accept that it is impossible.
Did you read my last response on the original thread? In my
understanding, there's always a way to, e.g., b0rk your exception
handlers, etc., such that you cannot guarantee your software fallbacks
will work. Normally, one would rely on a (hardware) watchdog to do your
last resort reset for you, but if said reset cannot also reset your boot
flash, then...you're stuck.
IOW, it's impossible.
Is that not an accurate description?
> > But I don't intend to fight either of these battles.
>
> Does that mean you're accepting this change? Brian, any comment on what
> Neil said?
>
> To be honest, I hate being in the middle of this discussion without
> having been involved in the first decision to accept such workarounds.
> I keep thinking that making boards that do not have reset properly
> wired less likely to fail rebooting is a wise decision, but I also
> agree with Brian when he says we should inform people that their design
> is unreliable.
> The main problem I see here, is that adding this prop won't help people
> figuring out what is wrong with their design, it will just help them
How else would we help someone figure out what's wrong with their
design? My best attempt is to make it quite obvious, as long as they're
using vanilla mainline: if their system hangs on reboot (without this
property), then it's probably a bad design.
And if instead, someone stuck in this DT property already, the loud
warning might suggest the reader look at the DT binding doc or code
comments, where I elaborated.
> workaround the problem when they find out, and it might already be to
> late to fix the HW design. But maybe it's not what we're trying to do
> here. Maybe we just want to warn users that rebooting such boards is a
> risky procedure.
Brian
next prev parent reply other threads:[~2018-07-31 22:35 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-27 18:33 [PATCH] mtd: spi-nor: only apply reset hacks to broken hardware Brian Norris
2018-07-27 18:33 ` Brian Norris
2018-07-27 19:06 ` Guenter Roeck
2018-07-27 19:06 ` Guenter Roeck
2018-07-27 20:03 ` [PATCH] " Boris Brezillon
2018-07-27 20:03 ` Boris Brezillon
2018-07-31 1:05 ` NeilBrown
2018-07-31 1:05 ` NeilBrown
2018-07-31 20:12 ` Boris Brezillon
2018-07-31 20:12 ` Boris Brezillon
2018-07-31 22:15 ` Marek Vasut
2018-07-31 22:15 ` Marek Vasut
2018-08-01 0:40 ` NeilBrown
2018-08-01 0:40 ` NeilBrown
2018-08-01 8:24 ` Marek Vasut
2018-08-01 8:24 ` Marek Vasut
2018-07-31 22:35 ` Brian Norris [this message]
2018-07-31 22:35 ` Brian Norris
2018-08-01 1:06 ` NeilBrown
2018-08-01 1:06 ` NeilBrown
2018-08-07 18:39 ` Rob Herring
2018-08-07 18:39 ` Rob Herring
2018-08-07 19:22 ` Brian Norris
2018-08-07 19:22 ` Brian Norris
2018-08-01 0:38 ` NeilBrown
2018-08-01 0:38 ` NeilBrown
2018-08-01 7:15 ` Boris Brezillon
2018-08-01 7:15 ` Boris Brezillon
2018-08-07 18:33 ` Rob Herring
2018-08-07 18:33 ` Rob Herring
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180731223550.GA60117@ban.mtv.corp.google.com \
--to=computersforpeace@gmail.com \
--cc=Zhiqiang.Hou@nxp.com \
--cc=boris.brezillon@bootlin.com \
--cc=devicetree@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=marek.vasut@gmail.com \
--cc=neilb@suse.com \
--cc=richard@nod.at \
--cc=robh+dt@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.