[U-Boot] [PATCH v2] ARM926ejs: Add routines to invalidate D-Cache

Albert ARIBAUD albert.u.boot at aribaud.net
Sun Aug 7 08:55:41 CEST 2011 

Hi Aneesh,

(cutting quotation for readability)

Le 05/08/2011 16:59, Aneesh V a écrit :
> Hi Albert,

> I don't dispute that having buffers aligned is the ideal scenario. The
> question is about error-handling the situation when this requirement is
> not met.

I understand what you're trying to achieve in this respect, that is, 
make the code as correct as it can be under unspecified conditions. I 
believe we are differing in how we construe 'as correct as it can be': 
you want to make the implementation of the called function as correct as 
it can be' at the expense of introducing a non-intuitive behavior (flush 
while invalidating), while I prefer the overall system to be as correct 
as it can be by 'doing exactly what it says on the tin', i.e. 
invalidating only.

I believe  that the added intelligence of trying to perform as 
resiliently as possible is perfectly understandable, desirable and 
achievable in an operating system, but that in a bootloader, which has 
tighter constraints of size and speed notably, adding intelligence just 
to supplement lack of conformance in the code should be avoided.

>> Especially, I don't buy the argument that "the person who commits the
>> mistake of invalidating the un-aligned buffer is the one who is affected
>> and is likely to fix the issue soon". The issue might not appear right
>> after the call to flush is added; it might appear quite later, after
>> several reorganizations of the ordering of data in RAM, and affect some
>> completely unrelated person doing something completely unrelated.
>
> I don't get how a flush can affect an un-related person unless the
> surrounding buffer also happens to be a DMA receive buffer.

There you have it: it can. :)

More seriously: both leaving out the flush and doing it have issues when 
unaligned buffers are involved. Of these to imperfect solutions, I 
prefer the one that performs more efficiently in nominal cases.

> Please note
> that flush is something that can happen to any dirty line as part of
> the cache line replacement done by hardware when new lines are brought
> into the cache, it's not such a dangerous thing for normal memory
> locations.

For normal memory indeed, it does not matter. But as soon as you start 
using -- needing -- flushes and invalidates, that means we're not 
dealing with normal memory any more, but with memory shared with other 
devices, DMAs or CPUs -- but that is true for doing flushes at the ends 
of an invalidate region... and for not doing them. Both solutions are 
simply imperfect due to the simple fact that the cache line just might 
contain parts of *two* different DMA buffers.

> If the buffers are aligned, the flush operation will not get executed.
> So, what is the risk?

If the operation is not performed in the nominal case, then let's just 
not do it -- things have already gone wrong anyway.

>> Between an implementation that "should cause no issue" and an
>> implementation that "cannot cause issues", I definitely favor the
>> latter: so that's a no on my side to any flushing while invalidating a
>> range.
>
> Let's look at the different cases:
>
> Let A be an un-aligned DMA receive buffer. Let B be a buffer lying
> next to A belonging to another program.
>
> Case I - A is aligned
> 1. Invalidate with flush - no issue
> 2. Invalidate without flush - no issue
>
> Case II - A is un-aligned, B is DMA receive buffer:
> 1. Invalidate with flush - corrupts B if DMA is on-going.
> 2. Invalidate without flush - no issue.
>
> Case III - A is un-aligned, B is normal memory.
> 1. Invalidate with flush - A corrupted, no issue for B.
> 2. Invalidate without flush - no issue for A, B is corrupted.
>
> Case I doesn't cause any issue either way. Case II would be rather
> rare. If it happens, it's more likely that B belongs to the same driver
> owning A. Case III is the more common error case and you can see that
> Invalidate with Flush is better because it doesn't affect B.

I do realize situations which will result in issues are rare. But I do 
realize that adding the extra logic of flushing is overkill compared to 
what the driver designer should have done, i.e. aligning some buffers, 
and that it will not fix all cases.

Also, I don't believe (any more...) in words like 'rare', 'likely' or 
'probably'. I've gone through some pains myself about 'rare' conditions 
which actually were not that rare and cost me days, if not weeks on... 
rare... occasions.

So let's not try to solve out-of-spec conditions with hypotheses about 
'probable' situations it would or would not handle -- we're out of 
specs, we don't handle things any more. Let's just do 'what it says on 
the tin', and since the function says it invalidates, let's just 
invalidate. The code will be simpler, cleaner, more understandable for 
nominal case, and will noisily signal out-of-spec cases and possibly 
misbehave then, but any code would, so that's ok.

And lets fix alignement issues where that belongs, i.e. in the driver 
buffers alignment. :)

> best regards,
> Aneesh

Amicalement,
-- 
Albert.

More information about the U-Boot mailing list