Based on kernel version 4.16.1. Page generated on 2018-04-09 11:53 EST.
1 The Linux WatchDog Timer Driver Core kernel API. 2 =============================================== 3 Last reviewed: 12-Feb-2013 4 5 Wim Van Sebroeck <wim@iguana.be> 6 7 Introduction 8 ------------ 9 This document does not describe what a WatchDog Timer (WDT) Driver or Device is. 10 It also does not describe the API which can be used by user space to communicate 11 with a WatchDog Timer. If you want to know this then please read the following 12 file: Documentation/watchdog/watchdog-api.txt . 13 14 So what does this document describe? It describes the API that can be used by 15 WatchDog Timer Drivers that want to use the WatchDog Timer Driver Core 16 Framework. This framework provides all interfacing towards user space so that 17 the same code does not have to be reproduced each time. This also means that 18 a watchdog timer driver then only needs to provide the different routines 19 (operations) that control the watchdog timer (WDT). 20 21 The API 22 ------- 23 Each watchdog timer driver that wants to use the WatchDog Timer Driver Core 24 must #include <linux/watchdog.h> (you would have to do this anyway when 25 writing a watchdog device driver). This include file contains following 26 register/unregister routines: 27 28 extern int watchdog_register_device(struct watchdog_device *); 29 extern void watchdog_unregister_device(struct watchdog_device *); 30 31 The watchdog_register_device routine registers a watchdog timer device. 32 The parameter of this routine is a pointer to a watchdog_device structure. 33 This routine returns zero on success and a negative errno code for failure. 34 35 The watchdog_unregister_device routine deregisters a registered watchdog timer 36 device. The parameter of this routine is the pointer to the registered 37 watchdog_device structure. 38 39 The watchdog subsystem includes an registration deferral mechanism, 40 which allows you to register an watchdog as early as you wish during 41 the boot process. 42 43 The watchdog device structure looks like this: 44 45 struct watchdog_device { 46 int id; 47 struct device *parent; 48 const struct attribute_group **groups; 49 const struct watchdog_info *info; 50 const struct watchdog_ops *ops; 51 const struct watchdog_governor *gov; 52 unsigned int bootstatus; 53 unsigned int timeout; 54 unsigned int pretimeout; 55 unsigned int min_timeout; 56 unsigned int max_timeout; 57 unsigned int min_hw_heartbeat_ms; 58 unsigned int max_hw_heartbeat_ms; 59 struct notifier_block reboot_nb; 60 struct notifier_block restart_nb; 61 void *driver_data; 62 struct watchdog_core_data *wd_data; 63 unsigned long status; 64 struct list_head deferred; 65 }; 66 67 It contains following fields: 68 * id: set by watchdog_register_device, id 0 is special. It has both a 69 /dev/watchdog0 cdev (dynamic major, minor 0) as well as the old 70 /dev/watchdog miscdev. The id is set automatically when calling 71 watchdog_register_device. 72 * parent: set this to the parent device (or NULL) before calling 73 watchdog_register_device. 74 * groups: List of sysfs attribute groups to create when creating the watchdog 75 device. 76 * info: a pointer to a watchdog_info structure. This structure gives some 77 additional information about the watchdog timer itself. (Like it's unique name) 78 * ops: a pointer to the list of watchdog operations that the watchdog supports. 79 * gov: a pointer to the assigned watchdog device pretimeout governor or NULL. 80 * timeout: the watchdog timer's timeout value (in seconds). 81 This is the time after which the system will reboot if user space does 82 not send a heartbeat request if WDOG_ACTIVE is set. 83 * pretimeout: the watchdog timer's pretimeout value (in seconds). 84 * min_timeout: the watchdog timer's minimum timeout value (in seconds). 85 If set, the minimum configurable value for 'timeout'. 86 * max_timeout: the watchdog timer's maximum timeout value (in seconds), 87 as seen from userspace. If set, the maximum configurable value for 88 'timeout'. Not used if max_hw_heartbeat_ms is non-zero. 89 * min_hw_heartbeat_ms: Hardware limit for minimum time between heartbeats, 90 in milli-seconds. This value is normally 0; it should only be provided 91 if the hardware can not tolerate lower intervals between heartbeats. 92 * max_hw_heartbeat_ms: Maximum hardware heartbeat, in milli-seconds. 93 If set, the infrastructure will send heartbeats to the watchdog driver 94 if 'timeout' is larger than max_hw_heartbeat_ms, unless WDOG_ACTIVE 95 is set and userspace failed to send a heartbeat for at least 'timeout' 96 seconds. max_hw_heartbeat_ms must be set if a driver does not implement 97 the stop function. 98 * reboot_nb: notifier block that is registered for reboot notifications, for 99 internal use only. If the driver calls watchdog_stop_on_reboot, watchdog core 100 will stop the watchdog on such notifications. 101 * restart_nb: notifier block that is registered for machine restart, for 102 internal use only. If a watchdog is capable of restarting the machine, it 103 should define ops->restart. Priority can be changed through 104 watchdog_set_restart_priority. 105 * bootstatus: status of the device after booting (reported with watchdog 106 WDIOF_* status bits). 107 * driver_data: a pointer to the drivers private data of a watchdog device. 108 This data should only be accessed via the watchdog_set_drvdata and 109 watchdog_get_drvdata routines. 110 * wd_data: a pointer to watchdog core internal data. 111 * status: this field contains a number of status bits that give extra 112 information about the status of the device (Like: is the watchdog timer 113 running/active, or is the nowayout bit set). 114 * deferred: entry in wtd_deferred_reg_list which is used to 115 register early initialized watchdogs. 116 117 The list of watchdog operations is defined as: 118 119 struct watchdog_ops { 120 struct module *owner; 121 /* mandatory operations */ 122 int (*start)(struct watchdog_device *); 123 int (*stop)(struct watchdog_device *); 124 /* optional operations */ 125 int (*ping)(struct watchdog_device *); 126 unsigned int (*status)(struct watchdog_device *); 127 int (*set_timeout)(struct watchdog_device *, unsigned int); 128 int (*set_pretimeout)(struct watchdog_device *, unsigned int); 129 unsigned int (*get_timeleft)(struct watchdog_device *); 130 int (*restart)(struct watchdog_device *); 131 void (*ref)(struct watchdog_device *) __deprecated; 132 void (*unref)(struct watchdog_device *) __deprecated; 133 long (*ioctl)(struct watchdog_device *, unsigned int, unsigned long); 134 }; 135 136 It is important that you first define the module owner of the watchdog timer 137 driver's operations. This module owner will be used to lock the module when 138 the watchdog is active. (This to avoid a system crash when you unload the 139 module and /dev/watchdog is still open). 140 141 Some operations are mandatory and some are optional. The mandatory operations 142 are: 143 * start: this is a pointer to the routine that starts the watchdog timer 144 device. 145 The routine needs a pointer to the watchdog timer device structure as a 146 parameter. It returns zero on success or a negative errno code for failure. 147 148 Not all watchdog timer hardware supports the same functionality. That's why 149 all other routines/operations are optional. They only need to be provided if 150 they are supported. These optional routines/operations are: 151 * stop: with this routine the watchdog timer device is being stopped. 152 The routine needs a pointer to the watchdog timer device structure as a 153 parameter. It returns zero on success or a negative errno code for failure. 154 Some watchdog timer hardware can only be started and not be stopped. A 155 driver supporting such hardware does not have to implement the stop routine. 156 If a driver has no stop function, the watchdog core will set WDOG_HW_RUNNING 157 and start calling the driver's keepalive pings function after the watchdog 158 device is closed. 159 If a watchdog driver does not implement the stop function, it must set 160 max_hw_heartbeat_ms. 161 * ping: this is the routine that sends a keepalive ping to the watchdog timer 162 hardware. 163 The routine needs a pointer to the watchdog timer device structure as a 164 parameter. It returns zero on success or a negative errno code for failure. 165 Most hardware that does not support this as a separate function uses the 166 start function to restart the watchdog timer hardware. And that's also what 167 the watchdog timer driver core does: to send a keepalive ping to the watchdog 168 timer hardware it will either use the ping operation (when available) or the 169 start operation (when the ping operation is not available). 170 (Note: the WDIOC_KEEPALIVE ioctl call will only be active when the 171 WDIOF_KEEPALIVEPING bit has been set in the option field on the watchdog's 172 info structure). 173 * status: this routine checks the status of the watchdog timer device. The 174 status of the device is reported with watchdog WDIOF_* status flags/bits. 175 WDIOF_MAGICCLOSE and WDIOF_KEEPALIVEPING are reported by the watchdog core; 176 it is not necessary to report those bits from the driver. Also, if no status 177 function is provided by the driver, the watchdog core reports the status bits 178 provided in the bootstatus variable of struct watchdog_device. 179 * set_timeout: this routine checks and changes the timeout of the watchdog 180 timer device. It returns 0 on success, -EINVAL for "parameter out of range" 181 and -EIO for "could not write value to the watchdog". On success this 182 routine should set the timeout value of the watchdog_device to the 183 achieved timeout value (which may be different from the requested one 184 because the watchdog does not necessarily have a 1 second resolution). 185 Drivers implementing max_hw_heartbeat_ms set the hardware watchdog heartbeat 186 to the minimum of timeout and max_hw_heartbeat_ms. Those drivers set the 187 timeout value of the watchdog_device either to the requested timeout value 188 (if it is larger than max_hw_heartbeat_ms), or to the achieved timeout value. 189 (Note: the WDIOF_SETTIMEOUT needs to be set in the options field of the 190 watchdog's info structure). 191 If the watchdog driver does not have to perform any action but setting the 192 watchdog_device.timeout, this callback can be omitted. 193 If set_timeout is not provided but, WDIOF_SETTIMEOUT is set, the watchdog 194 infrastructure updates the timeout value of the watchdog_device internally 195 to the requested value. 196 If the pretimeout feature is used (WDIOF_PRETIMEOUT), then set_timeout must 197 also take care of checking if pretimeout is still valid and set up the timer 198 accordingly. This can't be done in the core without races, so it is the 199 duty of the driver. 200 * set_pretimeout: this routine checks and changes the pretimeout value of 201 the watchdog. It is optional because not all watchdogs support pretimeout 202 notification. The timeout value is not an absolute time, but the number of 203 seconds before the actual timeout would happen. It returns 0 on success, 204 -EINVAL for "parameter out of range" and -EIO for "could not write value to 205 the watchdog". A value of 0 disables pretimeout notification. 206 (Note: the WDIOF_PRETIMEOUT needs to be set in the options field of the 207 watchdog's info structure). 208 If the watchdog driver does not have to perform any action but setting the 209 watchdog_device.pretimeout, this callback can be omitted. That means if 210 set_pretimeout is not provided but WDIOF_PRETIMEOUT is set, the watchdog 211 infrastructure updates the pretimeout value of the watchdog_device internally 212 to the requested value. 213 * get_timeleft: this routines returns the time that's left before a reset. 214 * restart: this routine restarts the machine. It returns 0 on success or a 215 negative errno code for failure. 216 * ioctl: if this routine is present then it will be called first before we do 217 our own internal ioctl call handling. This routine should return -ENOIOCTLCMD 218 if a command is not supported. The parameters that are passed to the ioctl 219 call are: watchdog_device, cmd and arg. 220 221 The 'ref' and 'unref' operations are no longer used and deprecated. 222 223 The status bits should (preferably) be set with the set_bit and clear_bit alike 224 bit-operations. The status bits that are defined are: 225 * WDOG_ACTIVE: this status bit indicates whether or not a watchdog timer device 226 is active or not from user perspective. User space is expected to send 227 heartbeat requests to the driver while this flag is set. 228 * WDOG_NO_WAY_OUT: this bit stores the nowayout setting for the watchdog. 229 If this bit is set then the watchdog timer will not be able to stop. 230 * WDOG_HW_RUNNING: Set by the watchdog driver if the hardware watchdog is 231 running. The bit must be set if the watchdog timer hardware can not be 232 stopped. The bit may also be set if the watchdog timer is running after 233 booting, before the watchdog device is opened. If set, the watchdog 234 infrastructure will send keepalives to the watchdog hardware while 235 WDOG_ACTIVE is not set. 236 Note: when you register the watchdog timer device with this bit set, 237 then opening /dev/watchdog will skip the start operation but send a keepalive 238 request instead. 239 240 To set the WDOG_NO_WAY_OUT status bit (before registering your watchdog 241 timer device) you can either: 242 * set it statically in your watchdog_device struct with 243 .status = WATCHDOG_NOWAYOUT_INIT_STATUS, 244 (this will set the value the same as CONFIG_WATCHDOG_NOWAYOUT) or 245 * use the following helper function: 246 static inline void watchdog_set_nowayout(struct watchdog_device *wdd, int nowayout) 247 248 Note: The WatchDog Timer Driver Core supports the magic close feature and 249 the nowayout feature. To use the magic close feature you must set the 250 WDIOF_MAGICCLOSE bit in the options field of the watchdog's info structure. 251 The nowayout feature will overrule the magic close feature. 252 253 To get or set driver specific data the following two helper functions should be 254 used: 255 256 static inline void watchdog_set_drvdata(struct watchdog_device *wdd, void *data) 257 static inline void *watchdog_get_drvdata(struct watchdog_device *wdd) 258 259 The watchdog_set_drvdata function allows you to add driver specific data. The 260 arguments of this function are the watchdog device where you want to add the 261 driver specific data to and a pointer to the data itself. 262 263 The watchdog_get_drvdata function allows you to retrieve driver specific data. 264 The argument of this function is the watchdog device where you want to retrieve 265 data from. The function returns the pointer to the driver specific data. 266 267 To initialize the timeout field, the following function can be used: 268 269 extern int watchdog_init_timeout(struct watchdog_device *wdd, 270 unsigned int timeout_parm, struct device *dev); 271 272 The watchdog_init_timeout function allows you to initialize the timeout field 273 using the module timeout parameter or by retrieving the timeout-sec property from 274 the device tree (if the module timeout parameter is invalid). Best practice is 275 to set the default timeout value as timeout value in the watchdog_device and 276 then use this function to set the user "preferred" timeout value. 277 This routine returns zero on success and a negative errno code for failure. 278 279 To disable the watchdog on reboot, the user must call the following helper: 280 281 static inline void watchdog_stop_on_reboot(struct watchdog_device *wdd); 282 283 To disable the watchdog when unregistering the watchdog, the user must call 284 the following helper. Note that this will only stop the watchdog if the 285 nowayout flag is not set. 286 287 static inline void watchdog_stop_on_unregister(struct watchdog_device *wdd); 288 289 To change the priority of the restart handler the following helper should be 290 used: 291 292 void watchdog_set_restart_priority(struct watchdog_device *wdd, int priority); 293 294 User should follow the following guidelines for setting the priority: 295 * 0: should be called in last resort, has limited restart capabilities 296 * 128: default restart handler, use if no other handler is expected to be 297 available, and/or if restart is sufficient to restart the entire system 298 * 255: highest priority, will preempt all other restart handlers 299 300 To raise a pretimeout notification, the following function should be used: 301 302 void watchdog_notify_pretimeout(struct watchdog_device *wdd) 303 304 The function can be called in the interrupt context. If watchdog pretimeout 305 governor framework (kbuild CONFIG_WATCHDOG_PRETIMEOUT_GOV symbol) is enabled, 306 an action is taken by a preconfigured pretimeout governor preassigned to 307 the watchdog device. If watchdog pretimeout governor framework is not 308 enabled, watchdog_notify_pretimeout() prints a notification message to 309 the kernel log buffer.