Re: [PATCH v4 2/3] watchdog: introduce watchdog.open_timeout commandline parameter

From: Rasmus Villemoes
Date: Wed Jan 11 2017 - 03:22:07 EST

Next message: Uwe Kleine-König: "Re: [PATCH v8 2/5] i2c: Add STM32F4 I2C driver"
Previous message: Greg KH: "Re: [PATCH v4 1/2] eeprom: Add IDT 89HPESx EEPROM/CSR driver"
In reply to: Guenter Roeck: "Re: [PATCH v4 2/3] watchdog: introduce watchdog.open_timeout commandline parameter"
Next in thread: Guenter Roeck: "Re: [PATCH v4 2/3] watchdog: introduce watchdog.open_timeout commandline parameter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2017-01-10 19:08, Guenter Roeck wrote:

On Mon, Jan 09, 2017 at 04:02:32PM +0100, Rasmus Villemoes wrote:

+static unsigned open_timeout;
+module_param(open_timeout, uint, 0644);
+
+static bool watchdog_past_open_deadline(struct watchdog_core_data *data)
+{
+ if (!open_timeout)
+ return false;
+ return time_is_before_jiffies(data->open_deadline);

Doesn't this return true if the time is _before_ the open deadline ?
Should it be time_is_after_jiffies() ?

Yes, time_is_before_jiffies(foo) means foo < jiffies, and that is what we want when we're querying whether we've passed the deadline.

+}
+
+static void watchdog_set_open_deadline(struct watchdog_core_data *data)
+{
+ data->open_deadline = jiffies + msecs_to_jiffies(open_timeout);

The open deadline as defined applies to the time after the device was
instantiated, not to the time since boot. Would it be better to make it
"time since boot" ?

I don't have a strong opinion on that, but two small things made me do it this way: (1) In case a hardware watchdog is somehow hotplugged long after boot and userspace is supposed to detect that and start feeding it, it wouldn't make sense for the framework not to take care of it for a while. (2) The open_timeout also applies to the case where the userspace app gracefully closes the watchdog device (e.g. because it's been instructed to restart to load a new configuration or whatnot) but the hardware cannot be stopped. In that case, the framework also takes over, and the same logic as after boot should apply - if the app fails to come up again, the framework should not feed the dog indefinitely, but OTOH it clearly doesn't make sense to have a boot-time based deadline.

Also, are you sure about using milli-seconds (instead of seconds) ?
I can not really imagine a situation where this would be needed
(especially and even more so in the context of using "time after
instantiating").

I went back and forth on this. I did milli-seconds because that should cover more use cases. Yes, wanting an open timeout of .7 seconds with 1.0 seconds being unacceptable is unusual, but I know of some customers with very strict requirements. Also, even if one cannot make userspace start that fast, one can boot with a somewhat generous open_timeout and then write 700 to /sys/module/watchdog/parameters/open_timeout for use in case (2) above.

Thanks,
Rasmus

--
Rasmus Villemoes
Software Developer
Prevas A/S
Hedeager 1
DK-8200 Aarhus N
+45 51210274
rasmus.villemoes@xxxxxxxxx
www.prevas.dk

Next message: Uwe Kleine-König: "Re: [PATCH v8 2/5] i2c: Add STM32F4 I2C driver"
Previous message: Greg KH: "Re: [PATCH v4 1/2] eeprom: Add IDT 89HPESx EEPROM/CSR driver"
In reply to: Guenter Roeck: "Re: [PATCH v4 2/3] watchdog: introduce watchdog.open_timeout commandline parameter"
Next in thread: Guenter Roeck: "Re: [PATCH v4 2/3] watchdog: introduce watchdog.open_timeout commandline parameter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]