[PATCH 2/2] watchdog: add watchdog behavior configuration
Mark Kettenis
mark.kettenis at xs4all.nl
Wed Sep 23 19:53:10 CEST 2020
> Date: Wed, 23 Sep 2020 13:14:09 -0400
> From: Tom Rini <trini at konsulko.com>
>
> On Wed, Sep 23, 2020 at 07:01:54PM +0200, Mark Kettenis wrote:
> > > From: Michael Walle <michael at walle.cc>
> > > Date: Wed, 23 Sep 2020 18:45:27 +0200
> > >
> > > Let the user choose between three different behaviours of the watchdog:
> > > (1) Keep the watchdog disabled
> > > (2) Supervise u-boot
> > > (3) Supervise u-boot and the operating systen (default)
> > >
> > > Option (2) will disable the watchdog right before handing control to the
> > > operating system. This is useful when the OS is not aware of the
> > > watchdog. Option (3) doesn't disable the watchdog and assumes the OS
> > > will continue servicing.
> >
> > (3) can't be the default, at least for EFI
> >
> > The UEFI standard explicitly says that upon calling
> > ExitBootServices(), the watchdog timer is disabled.
> >
> > In general, you can't expect an OS to have support for a particular
> > watchdog timer. So (3) only makes sense in cases where U-Boot is
> > bundled with an OS image.
>
> We need to be careful here then. The current and historical / generally
> expected behavior is if we've enabled the watchdog we supervise it and
> leave it enabled for the OS. Given what UEFI requires I'd like to see
> that case handled with a print about disabling the watchdog so it's not
> a surprise to the user. I say this because it's a surprise to me and I
> guess answers the question of "how does x86 handle this?" I had the
> other day.
So the UEFI requirement actually is:
* Before starting an EFI payload a watchdog timer is started to reset
the system after 5 minutes.
* This watchdog timer is cancelled as soon as the EFI payload calls
ExitBootServices().
The OpenBSD kernel in general does not supervise the watchdog unless
explicitly requested to do so by the user. What may happen is that
the driver for the hardware stops the watchdog timer when it attaches,
but (a) that is just a side-effect and (b) watchdog timer support
isn't implemented for all supported SoCs.
The OpenBSD EFI bootloader does explicitly disable the watchdog timer
though by calling SetWatchdogTime() as soon as it starts. This is to
prevent an automatic reboot if you leave it sitting at the boot prompt
for more than 5 minutes. This is done across all our architectures
that support EFI, including amd64. So maybe that hides any
non-conforming behaviour.
More information about the U-Boot
mailing list