Hi Timur,
On 24 May 2015 at 00:28, Fu Wei fu.wei@linaro.org wrote:
Hi Timur,
On 21 May 2015 at 23:42, Timur Tabi timur@codeaurora.org wrote:
On 05/21/2015 03:32 AM, fu.wei@linaro.org wrote:
+static void reload_timeout_to_wcv(struct watchdog_device *wdd) +{
struct sbsa_gwdt *gwdt = to_sbsa_gwdt(wdd);
u64 wcv;
wcv = arch_counter_get_cntvct() +
(u64)(wdd->timeout - wdd->pretimeout) * gwdt->clk;
sbsa_gwdt_set_wcv(wdd, wcv);
+}
...
+static int sbsa_gwdt_set_timeout(struct watchdog_device *wdd,
unsigned int timeout)
+{
wdd->timeout = timeout;
return 0;
+}
...
+static irqreturn_t sbsa_gwdt_interrupt(int irq, void *dev_id) +{
struct sbsa_gwdt *gwdt = (struct sbsa_gwdt *)dev_id;
struct watchdog_device *wdd = &gwdt->wdd;
u32 status;
status = sbsa_gwdt_cf_read(SBSA_GWDT_WCS, wdd);
if (status & SBSA_GWDT_WCS_WS0)
panic("SBSA Watchdog pre-timeout");
return IRQ_HANDLED;
+}
There's one thing I don't understand about your driver. The 'timeout' value from the kernel is supposed to to be the number of seconds until the system reboots. You are programming the WCV with that value, which means that the WS0 interrupt will fire when the timeout expires the first time. However, you don't reboot the system during this interrupt. The "panic" will cause the system to halt, but not reboot. Instead, it will just sit there.
the "panic" is not just halt the system, please check the code : (1)It can trigger Kdump (not just print the panic message), if you enable this in the config. that can help server administrator to figure out why the system goes wrong. (2)panic also can trigger a reboot, if you set up "panic timeout".
Obviously, it won't just sit there, it can help user figure out the problem.
At the beginning, I would like to make the first signal more useful, but for simplifying the first version of driver , I decide to use panic(). but if there is better "alerts" for a ARM server , I will go on maintaining this driver to make WS0 more useful.
You're waiting for the WS1 timeout for the system to reboot, but this is not a clean reboot, and it occurs at 2*timeout seconds.
That's why I like my driver better. It doesn't have any of this pretimeout stuff, and when the timeout expires during the WS0 interrupt, it calls emergency_restart() which reboots the system properly. The WS1 hard reset is used as a "backup" reset in case emergency_restart() fails.
OK, If you think so, I hope you can read the SBSA spec more carefully For the watchdog signal (WS0/WS1), SBSA say: "The initial signal is typically wired to an interrupt and alerts the system. The system can attempt to take corrective action that includes refreshing the watchdog within the second watch period. If the refresh is successful the system returns to the previous normal operation.
From here, you can see, even a panic is not good enough. we even can
refreshing the watchdog.
But for simplifying the driver, I think, at least, panic() can help user to backup system context, it is very helpful for a server administrator. Because server should be very stable and important , if its software goes wrong, we must figure out the problem, we can not let it happen again.
but in WS0 interrupt routine , just simply restart , it is not a server watchdog should do.
If it fails then the second watch period expires and a second signal is generated. The signal is fed to a higher agent as an interrupt or reset for it to take executive action."
So WS0 is a warning, but not a reset. the WS1 maybe a reset, or a interrupt to higher agent.
That is different from a normal watchdog use before. the two stage of WS are not just for reset , at least the first one is definitely not a reset. and the second one is not a backup.
If you make SBSA watchdog work like a normal watchdog,: (1)why we need a new driver and new device? you can just use SP805 in the system. (2) why we need a two stages? ( if the second hardware reset signal can work more reliably , why use emergency_restart() which is a software reset, does it clean the system and do some useful backup or sync? ) the only useful thing done by emergency_restart() is kmsg_dump(KMSG_DUMP_EMERG);) (3)why the first WS is connect to a interrupt, but not a reset signal(I believe the direct reset signal is far more reliable than a interrupt to trigger a software reset )
And because of WS0 is a warning, so I decide to use a existing watchdog concept "pretimeout":
Pretimeouts:
Some watchdog timers can be set to have a trigger go off before the actual time they will reset the system. This can be done with an NMI, interrupt, or other mechanism. This allows Linux to record useful information (like panic information and kernel coredumps) before it resets.
-- Qualcomm Innovation Center, Inc. The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.
-- Best regards,
Fu Wei Software Engineer Red Hat Software (Beijing) Co.,Ltd.Shanghai Branch Ph: +86 21 61221326(direct) Ph: +86 186 2020 4684 (mobile) Room 1512, Regus One Corporate Avenue,Level 15, One Corporate Avenue,222 Hubin Road,Huangpu District, Shanghai,China 200021