can the hardware watchdog reboot a hung kernel?
Daniel Braniss
danny at cs.huji.ac.il
Fri Nov 15 16:58:28 UTC 2019
> On 14 Nov 2019, at 20:19, Ian Lepore <ian at freebsd.org> wrote:
>
> On Thu, 2019-11-14 at 20:10 +0200, Daniel Braniss wrote:
>>> On 14 Nov 2019, at 18:02, Ian Lepore <ian at freebsd.org> wrote:
>>>
>>> On Thu, 2019-11-14 at 17:35 +0200, Daniel Braniss wrote:
>>>>> On 14 Nov 2019, at 17:28, Eugene Grosbein <eugen at grosbein.net>
>>>>> wrote:
>>>>>
>>>>> 14.11.2019 21:52, Daniel Braniss wrote:
>>>>>
>>>>>> hi,
>>>>>> I have serveral hundred Nano-pi NEO running, and sometimes they
>>>>>> hang, since there is no console
>>>>>> available, the only solution is to do a power cycle - not so easy
>>>>>> since they are distributed in three buildings :-)
>>>>>>
>>>>>> I am looking at the watchdog stuff, but it seems that what I want
>>>>>> is not supported, i.e.
>>>>>> reboot the kernel when hung
>>>>>>
>>>>>> wishful thinking?
>>>>>
>>>>> It's possible if the hardware has such a watchdog and kernel
>>>>> subsystem watchdog(4) supports it.
>>>>> rc.conf(5) manual page describes watchdogd_enable option.
>>>>>
>>>>
>>>> yes, but it relys on user land, what if the kernel is hung?
>>>>
>>>
>>> It relies on the userland daemon to issue the ioctl() calls to pet the
>>> dog. If the kernel is hung, then userland code isn't going to run
>>> either, and the watchdog petting won't happen, and eventually the
>>> hardware reboots.
>>>
>>> We use this at $work specifically to reboot if the kernel hangs, using
>>> this config:
>>>
>>> watchdogd_enable=YES
>>> watchdogd_flags="-s 16 -t 64 -x 64"
>>>
>>> That says the daemon should pet the dog every 16 seconds, and the
>>> hardware is programmed to reboot if 64 seconds elapses without petting.
>>> In addition, when watchdogd is shutdown normally (like during a normal
>>> system reboot) it doesn't disable the watchdog hardware, it sets the
>>> timeout to 64s to protect against any kind of hang during the reboot.
>>> The -t and -x times can be different, 64s just happens to work well for
>>> us in both cases.
>>>
>>> -- Ian
>>>
>>
>> ok, that is very encouraging, now a last question
>> how can i hang the kernel to test that the watchdog kicks in? apart from writing a kernel module :-)
>>
>
> One thing to be careful of here is multicore systems. If you have a
> critical app running on a multicore system, that app can hang (maybe it
> tries to read from a device that has malfunctioned and essentially gets
> hung forever in a device driver that doesn't implement timeouts very
> well or something). In that case, only one core is hung, so watchdogd
> will be able to keep petting the dog to prevent a reboot, but since
> your app is hung on a different core, you aren't really getting the
> protection you need.
>
> The fix for that is to either turn you app into watchdogd (have it make
> the periodic ioctl() calls to pet the dog), or use the '-e cmd' option
> with watchdogd, and make 'cmd' be a script that somehow verifies that
> your critical application is still running properly.
>
> —Ian
in my case the kernel is hung, probably by my app - which is using 2 i2c devices, , BTW, this does not happen very often,
maybe once a month, but is annoying.
now the watchdog stuff:
1- the all winner/nanopi neo can only handle up to 8 sec timeout (the next is 16sec (2^34))
the watchdogd complainsif >8sec:
aw_wdog0: Can't arm, timeout is more than 16 sec
and continues trying - IMHO it should exit.
2- this is a bit more annoying:
entering the debugger will trigger the timeout and it will the perform a clean reboot (*)
doing a shutdown -r leaves the watchdog in some weird state so the reboot hangs when starting the watchdog
win some, loose some :-)
*: in MHO, entering the debugger should stop the hardware timeout - or at least optional
cheers and thanks
danny
More information about the freebsd-hackers
mailing list