Re: [PATCH] watchdog: softdog: fire watchdog even if softirqs do not get to run

From: Guenter Roeck
Date: Mon Feb 20 2017 - 05:43:15 EST

On 02/20/2017 12:36 AM, Peter Zijlstra wrote:
On Sun, Feb 19, 2017 at 08:46:28AM -0800, Guenter Roeck wrote:
Cc: Wolfram for input.

On 02/17/2017 10:25 AM, Niklas Cassel wrote:
From: Niklas Cassel <niklas.cassel@xxxxxxxx>

Checking for timer expiration is done from the softirq TIMER_SOFTIRQ.

Since commit 4cd13c21b207 ("softirq: Let ksoftirqd do its job"),
pending softirqs are no longer always handled immediately, instead,
if there are pending softirqs, and ksoftirqd is in state TASK_RUNNING,
the handling of the softirqs are deferred, and are instead supposed
to be handled by ksoftirqd, when ksoftirqd gets scheduled.

If a user space process with a real-time policy starts to misbehave
by never relinquishing the CPU while ksoftirqd is in state TASK_RUNNING,
what will happen is that all softirqs will get deferred, while ksoftirqd,
which is supposed to handle the deferred softirqs, will never get to run.

To make sure that the watchdog is able to fire even when we do not get
to run softirqs, replace the timers with hrtimers.

This makes the driver dependent on HIGH_RES_TIMERS, which is not available
on all architectures. Before adding that restriction, I would like to see
some discussion if this is the only feasible solution.

It does no such thing; the hrtimer interface is always available.

That is good to hear. Thanks for the correction.