SPRZ580 December 2024 AM62D-Q1
ECC_AGGR: Potential IP Clockstop/Reset Sequence Hang due to Pending ECC Aggregator Interrupts
The ECC Aggregator module is used to aggregate safety error occurrences (which are rare) and generate interrupts to notify software. The ECC Aggregator provides software control over the enabling/disabling and clearing of safety errors interrupts.
When software is performing a clockstop/reset sequence on an IP, the sequence can potentially not complete because the IP's associated ECC Aggregator instance is not idle. The ECC Aggregator idle status is dependent upon any pending safety error interrupts either enabled or disabled, which have not been cleared by software. As a result, the IP's clockstop/reset sequence may never complete (hang) if there are any pending safety errors interrupts that remain uncleared.
The affected ECC_AGGRs can be determined by the value listed in the Technical Reference Manual (TRM) for their REV register at Register Offset 0h. The REV register encodes the ECC_AGGR version in its fields as follows:
v[REVMAJ].[REVMIN].[REVRTL]
ECC_AGGR versions before v2.1.1 are affected. ECC_AGGR versions v2.1.1 and later are not affected.
Affected Example:
REVMAJ = 2
REVMIN = 1
REVRTL = 0
The above values decode to ECC_AGGR Version v2.1.0, which is Affected.
Not Affected Example:
REVMAJ = 2
REVMIN = 1
REVRTL = 1
The above values decode ECC_AGGR Version v2.1.1, which is Not Affected.
General Note:
Clockstopping the ECC Aggregator is not supported in functional safety use-cases.
Software should use the following workaround for non-functional safety use-cases:
Due to interrupts being external stimuli, software has two options for step 3:
Software in general may need to detect pending interrupts that continuously fire during this entire sequence (ex. in the case of a stuck-at fault scenario), and disable their associated EDC CTRL safety checkers to allow the clockstop/reset sequence to progress towards completion.