[PATCH v3] Documentation: add watchdog documentation
o.rempel at pengutronix.de
Mon Feb 18 00:06:16 PST 2019
On 18.02.19 08:56, Tomaž Šolc wrote:
> On 18. 02. 19 08:12, Oleksij Rempel wrote:
>> +A watchdog is the last line of defense on misbehaving systems. Thus, proper
>> +hardware and watchdog design considerations should be made to be able to reduce
>> +the impact of failing systems in the field. In the best case, the bootloader
>> +should not touch it at all. No watchdog feeding should be done until
>> +application-critical software (or a userspace service manager such as
>> +'systemd') was started.
>> +In case the bootloader is responsible for watchdog activation, the system can
>> +be considered as failed by design.
> I think this is too strongly worded and I would leave out this last sentence. It seems
> arrogant for documentation to judge what is "failed by design" like this, without
> considering any other requirements for a system.
Can you please provide an example of a requirement which can't be considered as bad design?
> Such a "failed" watchdog is still better than no watchdog in many cases and sometimes it's
> the only option, as the text in later paragraphs explains. The paragraph above already
> recommends that in the ideal case the bootloader shouldn't touch the watchdog. I think
> that is enough.
> Also, as far as I know, the Linux kernel will feed the watchdog on a kernel timer during
> boot and until a userspace process grabs /dev/watchdog. So based on this basically all
> systems based on Linux are already a failed design.
Correct. The fact that it is enabled by default in the kernel does not mean it was a good decision.
Pengutronix e.K.
Industrial Linux Solutions | http://www.pengutronix.de/
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555