The Linux WatchDog Timer Driver Core kernel API.
===============================================
Last reviewed: 12-Feb-2013

Wim Van Sebroeck <[email protected]>

Introduction
------------
This document does not describe what a WatchDog Timer (WDT) Driver or Device is.
It also does not describe the API which can be used by user space to communicate
with a WatchDog Timer. If you want to know this then please read the following
file: Documentation/watchdog/watchdog-api.txt .

So what does this document describe? It describes the API that can be used by
WatchDog Timer Drivers that want to use the WatchDog Timer Driver Core
Framework. This framework provides all interfacing towards user space so that
the same code does not have to be reproduced each time. This also means that
a watchdog timer driver then only needs to provide the different routines
(operations) that control the watchdog timer (WDT).

The API
-------
Each watchdog timer driver that wants to use the WatchDog Timer Driver Core
must #include <linux/watchdog.h> (you would have to do this anyway when
writing a watchdog device driver). This include file contains the following
register/unregister routines:

extern int watchdog_register_device(struct watchdog_device *);
extern void watchdog_unregister_device(struct watchdog_device *);

The watchdog_register_device routine registers a watchdog timer device.
The parameter of this routine is a pointer to a watchdog_device structure.
This routine returns zero on success and a negative errno code for failure.

The watchdog_unregister_device routine deregisters a registered watchdog timer
device. The parameter of this routine is the pointer to the registered
watchdog_device structure.

The watchdog subsystem includes a registration deferral mechanism,
which allows you to register a watchdog as early as you wish during
the boot process.

The watchdog device structure looks like this:

struct watchdog_device {
	int id;
	struct device *parent;
	const struct attribute_group **groups;
	const struct watchdog_info *info;
	const struct watchdog_ops *ops;
	const struct watchdog_governor *gov;
	unsigned int bootstatus;
	unsigned int timeout;
	unsigned int pretimeout;
	unsigned int min_timeout;
	unsigned int max_timeout;
	unsigned int min_hw_heartbeat_ms;
	unsigned int max_hw_heartbeat_ms;
	struct notifier_block reboot_nb;
	struct notifier_block restart_nb;
	void *driver_data;
	struct watchdog_core_data *wd_data;
	unsigned long status;
	struct list_head deferred;
};

It contains the following fields:
* id: set by watchdog_register_device, id 0 is special. It has both a
  /dev/watchdog0 cdev (dynamic major, minor 0) as well as the old
  /dev/watchdog miscdev. The id is set automatically when calling
  watchdog_register_device.
* parent: set this to the parent device (or NULL) before calling
  watchdog_register_device.
* groups: List of sysfs attribute groups to create when creating the watchdog
  device.
* info: a pointer to a watchdog_info structure. This structure gives some
  additional information about the watchdog timer itself (like its unique name).
* ops: a pointer to the list of watchdog operations that the watchdog supports.
* gov: a pointer to the assigned watchdog device pretimeout governor or NULL.
* timeout: the watchdog timer's timeout value (in seconds).
  This is the time after which the system will reboot if user space does
  not send a heartbeat request while WDOG_ACTIVE is set.
* pretimeout: the watchdog timer's pretimeout value (in seconds).
* min_timeout: the watchdog timer's minimum timeout value (in seconds).
  If set, the minimum configurable value for 'timeout'.
* max_timeout: the watchdog timer's maximum timeout value (in seconds),
  as seen from userspace. If set, the maximum configurable value for
  'timeout'. Not used if max_hw_heartbeat_ms is non-zero.
* min_hw_heartbeat_ms: Hardware limit for minimum time between heartbeats,
  in milliseconds. This value is normally 0; it should only be provided
  if the hardware cannot tolerate lower intervals between heartbeats.
* max_hw_heartbeat_ms: Maximum hardware heartbeat, in milliseconds.
  If set, the infrastructure will send heartbeats to the watchdog driver
  if 'timeout' is larger than max_hw_heartbeat_ms, unless WDOG_ACTIVE
  is set and userspace failed to send a heartbeat for at least 'timeout'
  seconds. max_hw_heartbeat_ms must be set if a driver does not implement
  the stop function.
* reboot_nb: notifier block that is registered for reboot notifications, for
  internal use only. If the driver calls watchdog_stop_on_reboot, watchdog core
  will stop the watchdog on such notifications.
* restart_nb: notifier block that is registered for machine restart, for
  internal use only. If a watchdog is capable of restarting the machine, it
  should define ops->restart. Priority can be changed through
  watchdog_set_restart_priority.
* bootstatus: status of the device after booting (reported with watchdog
  WDIOF_* status bits).
* driver_data: a pointer to the driver's private data of a watchdog device.
  This data should only be accessed via the watchdog_set_drvdata and
  watchdog_get_drvdata routines.
* wd_data: a pointer to watchdog core internal data.
* status: this field contains a number of status bits that give extra
  information about the status of the device (like: is the watchdog timer
  running/active, or is the nowayout bit set).
* deferred: entry in wtd_deferred_reg_list which is used to
  register early initialized watchdogs.
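
The interaction between min_timeout, max_timeout and max_hw_heartbeat_ms can
be easier to follow as code. The following is a minimal userspace sketch of
the range rule described in the field list, not the kernel's implementation;
struct wdt_limits and timeout_out_of_range() are hypothetical names introduced
only for this illustration.

```c
#include <stdbool.h>

/* Userspace model of the limit fields of struct watchdog_device
 * (hypothetical, not the kernel structure). */
struct wdt_limits {
	unsigned int min_timeout;         /* seconds, 0 = not set */
	unsigned int max_timeout;         /* seconds, 0 = not set */
	unsigned int max_hw_heartbeat_ms; /* milliseconds, 0 = not set */
};

/* Returns true if 't' seconds lies outside the configurable range. */
static bool timeout_out_of_range(const struct wdt_limits *lim, unsigned int t)
{
	if (t < lim->min_timeout)
		return true;
	/* max_timeout is not used once max_hw_heartbeat_ms is non-zero. */
	if (lim->max_hw_heartbeat_ms == 0 && lim->max_timeout != 0 &&
	    t > lim->max_timeout)
		return true;
	return false;
}
```

With min_timeout = 2 and max_timeout = 60, a request for 61 seconds is
rejected in this model; once max_hw_heartbeat_ms is set, the same request
passes because the upper limit is no longer consulted.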

The list of watchdog operations is defined as:

struct watchdog_ops {
	struct module *owner;
	/* mandatory operations */
	int (*start)(struct watchdog_device *);
	int (*stop)(struct watchdog_device *);
	/* optional operations */
	int (*ping)(struct watchdog_device *);
	unsigned int (*status)(struct watchdog_device *);
	int (*set_timeout)(struct watchdog_device *, unsigned int);
	int (*set_pretimeout)(struct watchdog_device *, unsigned int);
	unsigned int (*get_timeleft)(struct watchdog_device *);
	int (*restart)(struct watchdog_device *);
	void (*ref)(struct watchdog_device *) __deprecated;
	void (*unref)(struct watchdog_device *) __deprecated;
	long (*ioctl)(struct watchdog_device *, unsigned int, unsigned long);
};

It is important that you first define the module owner of the watchdog timer
driver's operations. This module owner will be used to lock the module when
the watchdog is active. (This is to avoid a system crash when you unload the
module while /dev/watchdog is still open.)

Some operations are mandatory and some are optional. The mandatory operations
are:
* start: this is a pointer to the routine that starts the watchdog timer
  device.
  The routine needs a pointer to the watchdog timer device structure as a
  parameter. It returns zero on success or a negative errno code for failure.

Not all watchdog timer hardware supports the same functionality. That's why
all other routines/operations are optional. They only need to be provided if
they are supported. These optional routines/operations are:
* stop: this routine stops the watchdog timer device.
  The routine needs a pointer to the watchdog timer device structure as a
  parameter. It returns zero on success or a negative errno code for failure.
  Some watchdog timer hardware can only be started and not be stopped. A
  driver supporting such hardware does not have to implement the stop routine.
  If a driver has no stop function, the watchdog core will set WDOG_HW_RUNNING
  and start calling the driver's keepalive ping function after the watchdog
  device is closed.
  If a watchdog driver does not implement the stop function, it must set
  max_hw_heartbeat_ms.
* ping: this is the routine that sends a keepalive ping to the watchdog timer
  hardware.
  The routine needs a pointer to the watchdog timer device structure as a
  parameter. It returns zero on success or a negative errno code for failure.
  Most hardware that does not support this as a separate function uses the
  start function to restart the watchdog timer hardware. And that's also what
  the watchdog timer driver core does: to send a keepalive ping to the watchdog
  timer hardware it will either use the ping operation (when available) or the
  start operation (when the ping operation is not available).
  (Note: the WDIOC_KEEPALIVE ioctl call will only be active when the
  WDIOF_KEEPALIVEPING bit has been set in the options field of the watchdog's
  info structure).
* status: this routine checks the status of the watchdog timer device. The
  status of the device is reported with watchdog WDIOF_* status flags/bits.
  WDIOF_MAGICCLOSE and WDIOF_KEEPALIVEPING are reported by the watchdog core;
  it is not necessary to report those bits from the driver. Also, if no status
  function is provided by the driver, the watchdog core reports the status bits
  provided in the bootstatus variable of struct watchdog_device.
* set_timeout: this routine checks and changes the timeout of the watchdog
  timer device. It returns 0 on success, -EINVAL for "parameter out of range"
  and -EIO for "could not write value to the watchdog". On success this
  routine should set the timeout value of the watchdog_device to the
  achieved timeout value (which may be different from the requested one
  because the watchdog does not necessarily have a 1 second resolution).
  Drivers implementing max_hw_heartbeat_ms set the hardware watchdog heartbeat
  to the minimum of timeout and max_hw_heartbeat_ms. Those drivers set the
  timeout value of the watchdog_device either to the requested timeout value
  (if it is larger than max_hw_heartbeat_ms), or to the achieved timeout value.
  (Note: the WDIOF_SETTIMEOUT bit needs to be set in the options field of the
  watchdog's info structure).
  If the watchdog driver does not have to perform any action other than setting
  watchdog_device.timeout, this callback can be omitted.
  If set_timeout is not provided but WDIOF_SETTIMEOUT is set, the watchdog
  infrastructure updates the timeout value of the watchdog_device internally
  to the requested value.
  If the pretimeout feature is used (WDIOF_PRETIMEOUT), then set_timeout must
  also take care of checking if pretimeout is still valid and set up the timer
  accordingly. This can't be done in the core without races, so it is the
  duty of the driver.
* set_pretimeout: this routine checks and changes the pretimeout value of
  the watchdog. It is optional because not all watchdogs support pretimeout
  notification. The pretimeout value is not an absolute time, but the number of
  seconds before the actual timeout would happen. It returns 0 on success,
  -EINVAL for "parameter out of range" and -EIO for "could not write value to
  the watchdog". A value of 0 disables pretimeout notification.
  (Note: the WDIOF_PRETIMEOUT bit needs to be set in the options field of the
  watchdog's info structure).
  If the watchdog driver does not have to perform any action other than setting
  watchdog_device.pretimeout, this callback can be omitted. That means if
  set_pretimeout is not provided but WDIOF_PRETIMEOUT is set, the watchdog
  infrastructure updates the pretimeout value of the watchdog_device internally
  to the requested value.
* get_timeleft: this routine returns the time that's left before a reset.
* restart: this routine restarts the machine. It returns 0 on success or a
  negative errno code for failure.
* ioctl: if this routine is present then it will be called first before we do
  our own internal ioctl call handling. This routine should return -ENOIOCTLCMD
  if a command is not supported. The parameters that are passed to the ioctl
  call are: watchdog_device, cmd and arg.

The 'ref' and 'unref' operations are no longer used and are deprecated.
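
Two of the rules above lend themselves to a short illustration: the keepalive
fallback (ping when available, otherwise start) and the heartbeat that a driver
implementing max_hw_heartbeat_ms programs into the hardware. The following is
a userspace sketch under those stated rules only. All names (wdt_model,
model_keepalive, model_hw_heartbeat_ms, demo_start, demo_ping) are hypothetical
and are not part of the kernel API.

```c
#include <stddef.h>

struct wdt_model;

/* Reduced, hypothetical version of the operations table. */
struct wdt_model_ops {
	int (*start)(struct wdt_model *);
	int (*ping)(struct wdt_model *);   /* optional, may be NULL */
};

struct wdt_model {
	const struct wdt_model_ops *ops;
	unsigned int timeout;              /* seconds */
	unsigned int max_hw_heartbeat_ms;  /* milliseconds, 0 = not set */
	int starts;                        /* call counters for the demo */
	int pings;
};

/* Keepalive: use ping when available, otherwise fall back to start. */
static int model_keepalive(struct wdt_model *w)
{
	if (w->ops->ping)
		return w->ops->ping(w);
	return w->ops->start(w);
}

/* Heartbeat to program into the hardware, in milliseconds: the minimum
 * of timeout and max_hw_heartbeat_ms (when the latter is set). */
static unsigned int model_hw_heartbeat_ms(const struct wdt_model *w)
{
	unsigned int t_ms = w->timeout * 1000u;

	if (w->max_hw_heartbeat_ms && t_ms > w->max_hw_heartbeat_ms)
		return w->max_hw_heartbeat_ms;
	return t_ms;
}

/* Demo callbacks that only count how often they were called. */
static int demo_start(struct wdt_model *w) { w->starts++; return 0; }
static int demo_ping(struct wdt_model *w)  { w->pings++;  return 0; }
```

In this model a 60 second timeout on hardware limited to 8000 ms yields an
8000 ms hardware heartbeat; the remaining time has to be bridged by keepalives
sent on behalf of user space.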

The status bits should (preferably) be set with the set_bit, clear_bit and
similar bit operations. The status bits that are defined are:
* WDOG_ACTIVE: this status bit indicates whether a watchdog timer device
  is active from the user's perspective. User space is expected to send
  heartbeat requests to the driver while this flag is set.
* WDOG_NO_WAY_OUT: this bit stores the nowayout setting for the watchdog.
  If this bit is set then the watchdog timer will not be able to stop.
* WDOG_HW_RUNNING: Set by the watchdog driver if the hardware watchdog is
  running. The bit must be set if the watchdog timer hardware cannot be
  stopped. The bit may also be set if the watchdog timer is running after
  booting, before the watchdog device is opened. If set, the watchdog
  infrastructure will send keepalives to the watchdog hardware while
  WDOG_ACTIVE is not set.
  Note: when you register the watchdog timer device with this bit set,
  then opening /dev/watchdog will skip the start operation but send a keepalive
  request instead.
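
How WDOG_ACTIVE and WDOG_HW_RUNNING interact can be sketched in userspace as
follows. This is a model of the behaviour described above, not kernel code:
the bit numbers, the demo_* helpers and the non-atomic bit operations are
assumptions made for the illustration (the kernel's set_bit and clear_bit are
atomic).

```c
#include <stdbool.h>

/* Bit numbers chosen for this illustration only. */
enum { DEMO_WDOG_ACTIVE = 0, DEMO_WDOG_NO_WAY_OUT = 1, DEMO_WDOG_HW_RUNNING = 3 };

/* Non-atomic stand-ins for the kernel bit operations. */
static void demo_set_bit(int nr, unsigned long *word)   { *word |= 1UL << nr; }
static void demo_clear_bit(int nr, unsigned long *word) { *word &= ~(1UL << nr); }
static bool demo_test_bit(int nr, const unsigned long *word)
{
	return (*word >> nr) & 1UL;
}

enum demo_action { DEMO_START, DEMO_KEEPALIVE };

/* Opening the device: start the timer, or only send a keepalive if the
 * hardware is already running. Either way the device becomes active. */
static enum demo_action demo_open(unsigned long *status)
{
	enum demo_action act = demo_test_bit(DEMO_WDOG_HW_RUNNING, status)
				? DEMO_KEEPALIVE : DEMO_START;

	demo_set_bit(DEMO_WDOG_ACTIVE, status);
	return act;
}

/* WDOG_HW_RUNNING rule: the core sends keepalives itself while the
 * hardware runs and user space has not taken over. */
static bool demo_core_pings(const unsigned long *status)
{
	return demo_test_bit(DEMO_WDOG_HW_RUNNING, status) &&
	       !demo_test_bit(DEMO_WDOG_ACTIVE, status);
}
```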

To set the WDOG_NO_WAY_OUT status bit (before registering your watchdog
timer device) you can either:
* set it statically in your watchdog_device struct with
	.status = WATCHDOG_NOWAYOUT_INIT_STATUS,
  (this will set the value the same as CONFIG_WATCHDOG_NOWAYOUT) or
* use the following helper function:
  static inline void watchdog_set_nowayout(struct watchdog_device *wdd, int nowayout)

Note: The WatchDog Timer Driver Core supports the magic close feature and
the nowayout feature. To use the magic close feature you must set the
WDIOF_MAGICCLOSE bit in the options field of the watchdog's info structure.
The nowayout feature will overrule the magic close feature.
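
The precedence between nowayout and magic close can be written down as a small
decision function. The sketch below is a userspace model and makes several
assumptions: the demo_* names are hypothetical, DEMO_WDIOF_MAGICCLOSE is a
local stand-in for the real flag, and "magic_received" stands for user space
having written the magic character (see the user space API document) before
closing the device.

```c
#include <stdbool.h>

#define DEMO_WDIOF_MAGICCLOSE 0x0100u  /* local stand-in for the real flag */

struct demo_close_state {
	bool nowayout;         /* models the WDOG_NO_WAY_OUT status bit */
	unsigned int options;  /* models the options field of watchdog_info */
	bool magic_received;   /* magic character seen before close */
};

/* Returns true if closing the device may stop the watchdog timer. */
static bool demo_stop_on_close(const struct demo_close_state *s)
{
	/* nowayout overrules everything, including magic close. */
	if (s->nowayout)
		return false;
	/* With magic close, only stop if the magic character was written. */
	if (s->options & DEMO_WDIOF_MAGICCLOSE)
		return s->magic_received;
	return true;
}
```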

To get or set driver specific data the following two helper functions should be
used:

static inline void watchdog_set_drvdata(struct watchdog_device *wdd, void *data)
static inline void *watchdog_get_drvdata(struct watchdog_device *wdd)

The watchdog_set_drvdata function allows you to add driver specific data. The
arguments of this function are the watchdog device to which you want to add the
driver specific data and a pointer to the data itself.

The watchdog_get_drvdata function allows you to retrieve driver specific data.
The argument of this function is the watchdog device from which you want to
retrieve data. The function returns the pointer to the driver specific data.
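
The usual reason for these helpers is that every operation receives only the
watchdog device and has to find its own per-device state from there. The
following userspace sketch shows that pattern with stand-in types; demo_wdd,
demo_priv and the demo_* functions are hypothetical and merely mirror the
shape of the two helpers above.

```c
#include <stddef.h>

/* Userspace stand-in for struct watchdog_device; only the field needed here. */
struct demo_wdd {
	void *driver_data;
};

/* Stand-ins mirroring watchdog_set_drvdata / watchdog_get_drvdata. */
static void demo_set_drvdata(struct demo_wdd *wdd, void *data)
{
	wdd->driver_data = data;
}

static void *demo_get_drvdata(struct demo_wdd *wdd)
{
	return wdd->driver_data;
}

/* Hypothetical per-device private state of a driver. */
struct demo_priv {
	unsigned int reload_count;
};

/* A ping-style callback: it receives only the device and looks up its
 * private state through the accessor instead of touching the field. */
static int demo_ping_cb(struct demo_wdd *wdd)
{
	struct demo_priv *priv = demo_get_drvdata(wdd);

	if (priv == NULL)
		return -1;
	priv->reload_count++;
	return 0;
}
```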

To initialize the timeout field, the following function can be used:

extern int watchdog_init_timeout(struct watchdog_device *wdd,
                                  unsigned int timeout_parm, struct device *dev);

The watchdog_init_timeout function allows you to initialize the timeout field
using the module timeout parameter or by retrieving the timeout-sec property from
the device tree (if the module timeout parameter is invalid). Best practice is
to set the default timeout value as timeout value in the watchdog_device and
then use this function to set the user "preferred" timeout value.
This routine returns zero on success and a negative errno code for failure.
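
The order of preference described above (module parameter first, then the
timeout-sec property, otherwise the driver default stays in place) can be
sketched as a userspace model. This is a simplification, not the kernel
implementation: the demo_* names are hypothetical, a value of 0 is assumed to
mean "not given", and returning -EINVAL when neither source is usable is an
assumption of this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

struct demo_timeout_dev {
	unsigned int timeout;      /* seconds; preset to the driver default */
	unsigned int min_timeout;  /* seconds, 0 = not set */
	unsigned int max_timeout;  /* seconds, 0 = not set */
};

/* Assumption: 0 means "not given" and is never a valid timeout. */
static bool demo_timeout_valid(const struct demo_timeout_dev *d, unsigned int t)
{
	if (t == 0 || t < d->min_timeout)
		return false;
	return d->max_timeout == 0 || t <= d->max_timeout;
}

/*
 * parm:           module parameter value
 * dt_timeout_sec: value of the "timeout-sec" property, NULL if absent
 */
static int demo_init_timeout(struct demo_timeout_dev *d, unsigned int parm,
			     const unsigned int *dt_timeout_sec)
{
	if (demo_timeout_valid(d, parm)) {
		d->timeout = parm;
		return 0;
	}
	if (dt_timeout_sec && demo_timeout_valid(d, *dt_timeout_sec)) {
		d->timeout = *dt_timeout_sec;
		return 0;
	}
	return -EINVAL;  /* the preset default in d->timeout is left untouched */
}
```

Because the default is written into the structure before the call, a failure
here does not leave the device without a usable timeout.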

To disable the watchdog on reboot, the driver must call the following helper:

static inline void watchdog_stop_on_reboot(struct watchdog_device *wdd);

To change the priority of the restart handler the following helper should be
used:

void watchdog_set_restart_priority(struct watchdog_device *wdd, int priority);

Users should follow these guidelines when setting the priority:
* 0: should be called in last resort, has limited restart capabilities
* 128: default restart handler, use if no other handler is expected to be
  available, and/or if restart is sufficient to restart the entire system
* 255: highest priority, will preempt all other restart handlers
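
The effect of the priority value is that the handler with the highest number
is tried first. The following userspace sketch models only that selection; it
does not model the kernel's restart handler mechanism, and the structure,
function and handler names are hypothetical.

```c
#include <stddef.h>

struct demo_restart_handler {
	const char *name;
	int priority;   /* 0..255, following the guidelines above */
};

/* Returns the handler that would be tried first (highest priority),
 * or NULL if the list is empty. */
static const struct demo_restart_handler *
demo_first_restart_handler(const struct demo_restart_handler *h, size_t n)
{
	const struct demo_restart_handler *best = NULL;

	for (size_t i = 0; i < n; i++)
		if (best == NULL || h[i].priority > best->priority)
			best = &h[i];
	return best;
}
```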

To raise a pretimeout notification, the following function should be used:

void watchdog_notify_pretimeout(struct watchdog_device *wdd)

The function can be called in interrupt context. If the watchdog pretimeout
governor framework (kbuild CONFIG_WATCHDOG_PRETIMEOUT_GOV symbol) is enabled,
an action is taken by a preconfigured pretimeout governor preassigned to
the watchdog device. If the watchdog pretimeout governor framework is not
enabled, watchdog_notify_pretimeout() prints a notification message to
the kernel log buffer.
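
The two outcomes of a pretimeout notification can be modelled in userspace as
shown below. This is a sketch under assumptions: a NULL governor pointer
stands in for "governor framework not enabled", the message text is
illustrative, and all demo_* names are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

struct demo_pt_dev;

/* Hypothetical, reduced governor: just a name and an action. */
struct demo_governor {
	const char *name;
	void (*pretimeout)(struct demo_pt_dev *);
};

struct demo_pt_dev {
	int id;
	const struct demo_governor *gov;  /* NULL models "framework not enabled" */
	int gov_calls;                    /* counter for the demo */
};

/* Returns 1 if a governor took action, 0 if only a message was logged. */
static int demo_notify_pretimeout(struct demo_pt_dev *wdd)
{
	if (wdd->gov && wdd->gov->pretimeout) {
		wdd->gov->pretimeout(wdd);
		return 1;
	}
	/* Stand-in for a message in the kernel log buffer. */
	fprintf(stderr, "watchdog%d: pretimeout event\n", wdd->id);
	return 0;
}

/* Demo governor action that only counts its invocations. */
static void demo_gov_count(struct demo_pt_dev *wdd) { wdd->gov_calls++; }
```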