From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Walle
Date: Tue, 22 Sep 2020 08:59:00 +0200
Subject: u-boot leaves watchdog enabled by default
In-Reply-To: <20200922011821.GX14816@bill-the-cat>
References: <2a15bff36a6ab3a36dfb20f3db220e14@walle.cc>
 <86a5f3864db6f5eebe9dbf8c0b5ad05b@walle.cc>
 <685c3886-643f-7f33-3226-ba6814ba0dc0@denx.de>
 <20200921173051.GQ14816@bill-the-cat>
 <9ff2d3da-4a79-3dca-2000-eeb4f36c9342@gmx.de>
 <20200921185047.GU14816@bill-the-cat>
 <40c5d7ba798c9cf51a32cf5cb3882fea@walle.cc>
 <20200922011821.GX14816@bill-the-cat>
Message-ID: <4bc69734b7d9c2072360ae0471bb63eb@walle.cc>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Hi,

On 2020-09-22 03:18, Tom Rini wrote:
> On Mon, Sep 21, 2020 at 10:56:14PM +0200, Michael Walle wrote:
>> Hi,
>> [..]
>> > > >>> >> called in the bootefi case. So even if I'd do a workaround and stop it
>> > > >>> >> manually in my board code, I couldn't do that consistently for
>> > > >>> >> bootm/bootefi.
>> > > >>> >>
>> > > >>> >> Or am I missing something here?
>> > > >>> >
>> > > >>> > Define CONFIG_WATCHDOG.
>> > > >>> > This takes care of resetting wdt.
>> > > >>>
>> > > >>> Yes as long as you're inside the bootloader, but when u-boot hands
>> > > >>> control over the OS the watchdog is not serviced anymore; which wouldn't
>> > > >>> be a problem per se, but it is enabled unconditionally by u-boot.
>> > > >>>
>> > > >>>
>> > > >>> Just to add some data. At $dayjob we use this behaviour as a failsafe to
>> > > >>> make sure our userspace gets to a point where it is servicing the
>> > > >>> watchdog.
>> > > >>
>> > > >> Yes, this is exactly how this is supposed to work AFAIK.
>> > > >>
>> > > >> Michael, are you sure that the watchdog was disabled in U-Boot when
>> > > >> booting into the OS before this patch?
>> > > >>
>> > > >>> That said having a leave-wdt-running environment variable would work for
>> > > >>> our use case.
>> > > >>
>> > > >> I would rather use it the other way around. Something like
>> > > >> "wdt-stop-pre-os" to optionally stop the WDT before booting into the OS.
>> > > >>
>> > > >> Remark:
>> > > >> IMHO, if you don't use the WDT in the OS, it does not make much sense
>> > > >> to enable the WDT in U-Boot.
>> > > >
>> > > > Yes, we need to be very careful about making it so that a watchdog is
>> > > > disabled and not re-enabled before moving on for a whole bunch of
>> > > > reasons. And the best option would be to just disable the watchdog if
>> > > > it won't be used while the device is running the OS.
>> > > >
>> > >
>> > > The requirement of the UEFI specification is that if booting fails a
>> > > system should reset after five minutes by default. We ensure this in the
>> > > UEFI sub-system before ExitBootServices() using an EFI timer event.
>> > >
>> > > In the UEFI sub-system we currently call in ExitBootServices():
>> > >
>> > > efi_set_watchdog(0); /* this disables the EFI timer */
>> > > WATCHDOG_RESET();
>> > >
>> > > Is there any requirement to do more?
>> >
>> > For EFI or ? What I'm saying is that the watchdog must be left running
>> > and not stopped, if we either:
>> > - Came in to the world with the watchdog running AND were not
>> >   specifically told to disable the watching.
>> > - Came in to the world and were told to enable a watchdog.
>>
>> My reason to start this thread was the fact that a watchdog is started
>> by default in a generic way (i.e. initr_watchdog()) but there is _no_
>> way to disable it. I'm having a minimal board configuration and I want
>
> OK, but why is CONFIG_WDT enabled if you don't want to use the
> watchdog?

I guess we agree, that there are good reasons to have watchdog support
in the bootloader (and even to keep it on before starting an OS). Think
of tailored embedded operating systems for a specific use case. In fact,
for my board, the initial watchdog might even be enabled before u-boot
and supervises the bootloader startup and switches to a failsafe image
in case of an error. Thus, there is also a handy command "wdt expire 1"
to restart into that image manually.

OTOH, I really want to support generic distributions which don't know
anything about an already running watchdog. Oh and I want the user to be
able to install and boot a distribution without any change to the
bootloader environment. Therefore, the default for this board has to be
"watchdog disabled before booting OS".

Like I said, I'm fine with having a #define ENV "disable-wdt-pre-os" in
the board configuration.

-michael