From: Guenter Roeck <linux@roeck-us.net>
To: Pratyush Anand <panand@redhat.com>, Timur Tabi <timur@codeaurora.org>
Cc: fu.wei@linaro.org, Suravee.Suthikulpanit@amd.com, wim@iguana.be,
linux-arm-kernel@lists.infradead.org,
linux-watchdog@vger.kernel.org,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH RFC] Watchdog: sbsa_gwdt: Enhance timeout range
Date: Tue, 3 May 2016 06:47:12 -0700 [thread overview]
Message-ID: <5728ABE0.5040000@roeck-us.net> (raw)
In-Reply-To: <20160503132439.GC13045@dhcppc6.redhat.com>
On 05/03/2016 06:24 AM, Pratyush Anand wrote:
> On 03/05/2016:07:12:04 AM, Timur Tabi wrote:
>> Pratyush Anand wrote:
>>> + * Note: This watchdog timer has two stages. If action is 0, first stage is
>>> + * determined by directly programming WCV and second by WOR. When first
>>> + * timeout is reached, WS0 is triggered and WCV is reloaded with value in
>>> + * WOR. WS0 interrupt will be ignored, then the second watch period starts;
>>> + * when second timeout is reached, then WS1 is triggered, system resets. WCV
>>> + * and WOR are programmed in such a way that total time corresponding to
>>> + * WCV+WOR becomes equivalent to user programmed "timeout".
>>> + * If action is 1, then we expect to call panic() at user programmed
>>> + * "timeout". Therefore, we program both first and second stage using WCV
>>> + * only.
>>
>> So I'm not sure I understand how this works yet, but there was an earlier
>> version of Fu's driver that did something similar. It depended on being
>> able to reprogram the hardware during the WS0 interrupt, and that was
>> rejected by the community.
>>
>> How is what you are doing different?
>
> * Following was the comment for Fu Wei's primitive version of patch [1], because
> * of which community rejected it.
>
>> The triggering of the hardware reset should never depend on an interrupt being
>> handled properly. You should always program WCV correctly in advance.
>
> Now, there are couple of things different:
>
> (1) There is an important difference in upstreamed version than the version [1]
> which was rejected on above ground. In upstreamed version, there would be no
> interrupt handler when we are in normal mode ie action=0. So, there is no
> possibility of doing any thing in ISR for all normal usage of this timer. In
> this mode WCV is always programmed well in advance now.
>
> (2)action=1 mechanism was introduced to implement a dump saving mechanism if
> watchdog timeout expires before next kick. So, the current upstream version
> calls panic() in ISR. When action=1, then we do write WCV now in ISR, but there
> too some precaution have been taken.
>
> When action=1, and we land into isr handler sbsa_gwdt_interrupt() we can not
> trust watchdog data structure any more. That might have been corrupted.
Why ?
> (i) So it might happen that gwdt or wdd pointers have a corrupted value and as
> soon as we access gwdt->wdd or wdd->timeout, kernel panics. *No harm*, just
> panic() is called a bit early, which dump saving mechanism would be able to
> find. So, in fact it will give an extra information to dump saving mechanism
> that watchdog structure was corrupted as well.
> (ii) Another case, It might happen that wdd->timeout has been corrupted with
> large values. This patch does a protection while programming WCV in ISR. It
How would wdd->timeout be corrupted ?
If what you are say is correct, the interrupt handler can not be trusted, period,
and should be disabled entirely.
Guenter
> checks wdd->timeout against MAX_TIMEOUT value and reprograms WCV only when
> wdd->timeout is lesser than MAX_TIMEOUT. So, here too, there would be watchdog
> reset for sure if dump saving mechanism hangs.
>
> ~Pratyush
>
> [1] https://lists.linaro.org/pipermail/linaro-acpi/2015-June/004956.html
>
next prev parent reply other threads:[~2016-05-03 13:47 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-03 8:20 [PATCH RFC] Watchdog: sbsa_gwdt: Enhance timeout range Pratyush Anand
2016-05-03 12:12 ` Timur Tabi
2016-05-03 13:24 ` Pratyush Anand
2016-05-03 13:47 ` Guenter Roeck [this message]
2016-05-03 14:17 ` Pratyush Anand
2016-05-03 14:46 ` Guenter Roeck
2016-05-03 15:04 ` Timur Tabi
2016-05-03 13:29 ` Guenter Roeck
2016-05-03 14:38 ` Pratyush Anand
2016-05-03 15:07 ` Timur Tabi
2016-05-03 15:51 ` Pratyush Anand
2016-05-03 17:16 ` Guenter Roeck
2016-05-04 14:14 ` Pratyush Anand
2016-05-04 14:21 ` Timur Tabi
2016-05-04 15:59 ` Pratyush Anand
2016-05-04 16:17 ` Timur Tabi
2016-05-05 16:43 ` Guenter Roeck
2016-05-05 18:20 ` Pratyush Anand
2016-05-05 18:22 ` Timur Tabi
2016-05-05 23:36 ` Guenter Roeck
2016-05-05 23:38 ` Timur Tabi
2016-05-05 23:45 ` Timur Tabi
2016-05-06 0:18 ` Guenter Roeck
2016-05-05 23:51 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5728ABE0.5040000@roeck-us.net \
--to=linux@roeck-us.net \
--cc=Suravee.Suthikulpanit@amd.com \
--cc=fu.wei@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-watchdog@vger.kernel.org \
--cc=panand@redhat.com \
--cc=timur@codeaurora.org \
--cc=wim@iguana.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox