Commit | Line | Data |
---|---|---|
43316044 WVS |
1 | The Linux WatchDog Timer Driver Core kernel API. |
2 | =============================================== | |
3048253e | 3 | Last reviewed: 12-Feb-2013 |
43316044 WVS |
4 | |
5 | Wim Van Sebroeck <wim@iguana.be> | |
6 | ||
7 | Introduction | |
8 | ------------ | |
9 | This document does not describe what a WatchDog Timer (WDT) Driver or Device is. | |
10 | It also does not describe the API which can be used by user space to communicate | |
11 | with a WatchDog Timer. If you want to know this then please read the following | |
12 | file: Documentation/watchdog/watchdog-api.txt . | |
13 | ||
14 | So what does this document describe? It describes the API that can be used by | |
15 | WatchDog Timer Drivers that want to use the WatchDog Timer Driver Core | |
16 | Framework. This framework provides all interfacing towards user space so that | |
17 | the same code does not have to be reproduced each time. This also means that | |
18 | a watchdog timer driver then only needs to provide the different routines | |
19 | (operations) that control the watchdog timer (WDT). | |
20 | ||
21 | The API | |
22 | ------- | |
23 | Each watchdog timer driver that wants to use the WatchDog Timer Driver Core | |
24 | must #include <linux/watchdog.h> (you would have to do this anyway when | |
25 | writing a watchdog device driver). This include file contains following | |
26 | register/unregister routines: | |
27 | ||
28 | extern int watchdog_register_device(struct watchdog_device *); | |
29 | extern void watchdog_unregister_device(struct watchdog_device *); | |
30 | ||
31 | The watchdog_register_device routine registers a watchdog timer device. | |
32 | The parameter of this routine is a pointer to a watchdog_device structure. | |
33 | This routine returns zero on success and a negative errno code for failure. | |
34 | ||
35 | The watchdog_unregister_device routine deregisters a registered watchdog timer | |
36 | device. The parameter of this routine is the pointer to the registered | |
37 | watchdog_device structure. | |
38 | ||
ef90174f JBT |
39 | The watchdog subsystem includes an registration deferral mechanism, |
40 | which allows you to register an watchdog as early as you wish during | |
41 | the boot process. | |
42 | ||
43316044 WVS |
43 | The watchdog device structure looks like this: |
44 | ||
45 | struct watchdog_device { | |
45f5fed3 | 46 | int id; |
d6b469d9 | 47 | struct device *parent; |
faa58475 | 48 | const struct attribute_group **groups; |
43316044 WVS |
49 | const struct watchdog_info *info; |
50 | const struct watchdog_ops *ops; | |
ff84136c | 51 | const struct watchdog_governor *gov; |
2fa03560 | 52 | unsigned int bootstatus; |
014d694e | 53 | unsigned int timeout; |
df044e02 | 54 | unsigned int pretimeout; |
3f43f68e WVS |
55 | unsigned int min_timeout; |
56 | unsigned int max_timeout; | |
15013ad8 | 57 | unsigned int min_hw_heartbeat_ms; |
664a3923 | 58 | unsigned int max_hw_heartbeat_ms; |
e1313196 | 59 | struct notifier_block reboot_nb; |
2165bf52 | 60 | struct notifier_block restart_nb; |
43316044 | 61 | void *driver_data; |
b4ffb190 | 62 | struct watchdog_core_data *wd_data; |
43316044 | 63 | unsigned long status; |
ef90174f | 64 | struct list_head deferred; |
43316044 WVS |
65 | }; |
66 | ||
67 | It contains following fields: | |
45f5fed3 AC |
68 | * id: set by watchdog_register_device, id 0 is special. It has both a |
69 | /dev/watchdog0 cdev (dynamic major, minor 0) as well as the old | |
70 | /dev/watchdog miscdev. The id is set automatically when calling | |
71 | watchdog_register_device. | |
d6b469d9 AC |
72 | * parent: set this to the parent device (or NULL) before calling |
73 | watchdog_register_device. | |
faa58475 GR |
74 | * groups: List of sysfs attribute groups to create when creating the watchdog |
75 | device. | |
43316044 WVS |
76 | * info: a pointer to a watchdog_info structure. This structure gives some |
77 | additional information about the watchdog timer itself. (Like it's unique name) | |
78 | * ops: a pointer to the list of watchdog operations that the watchdog supports. | |
ff84136c | 79 | * gov: a pointer to the assigned watchdog device pretimeout governor or NULL. |
014d694e | 80 | * timeout: the watchdog timer's timeout value (in seconds). |
664a3923 GR |
81 | This is the time after which the system will reboot if user space does |
82 | not send a heartbeat request if WDOG_ACTIVE is set. | |
df044e02 | 83 | * pretimeout: the watchdog timer's pretimeout value (in seconds). |
3f43f68e | 84 | * min_timeout: the watchdog timer's minimum timeout value (in seconds). |
664a3923 GR |
85 | If set, the minimum configurable value for 'timeout'. |
86 | * max_timeout: the watchdog timer's maximum timeout value (in seconds), | |
87 | as seen from userspace. If set, the maximum configurable value for | |
88 | 'timeout'. Not used if max_hw_heartbeat_ms is non-zero. | |
f9f535c1 GR |
89 | * min_hw_heartbeat_ms: Hardware limit for minimum time between heartbeats, |
90 | in milli-seconds. This value is normally 0; it should only be provided | |
91 | if the hardware can not tolerate lower intervals between heartbeats. | |
664a3923 GR |
92 | * max_hw_heartbeat_ms: Maximum hardware heartbeat, in milli-seconds. |
93 | If set, the infrastructure will send heartbeats to the watchdog driver | |
94 | if 'timeout' is larger than max_hw_heartbeat_ms, unless WDOG_ACTIVE | |
95 | is set and userspace failed to send a heartbeat for at least 'timeout' | |
d0684c8a GR |
96 | seconds. max_hw_heartbeat_ms must be set if a driver does not implement |
97 | the stop function. | |
e1313196 DR |
98 | * reboot_nb: notifier block that is registered for reboot notifications, for |
99 | internal use only. If the driver calls watchdog_stop_on_reboot, watchdog core | |
100 | will stop the watchdog on such notifications. | |
2165bf52 DR |
101 | * restart_nb: notifier block that is registered for machine restart, for |
102 | internal use only. If a watchdog is capable of restarting the machine, it | |
103 | should define ops->restart. Priority can be changed through | |
104 | watchdog_set_restart_priority. | |
2fa03560 WVS |
105 | * bootstatus: status of the device after booting (reported with watchdog |
106 | WDIOF_* status bits). | |
43316044 | 107 | * driver_data: a pointer to the drivers private data of a watchdog device. |
2deca736 | 108 | This data should only be accessed via the watchdog_set_drvdata and |
43316044 | 109 | watchdog_get_drvdata routines. |
b4ffb190 | 110 | * wd_data: a pointer to watchdog core internal data. |
43316044 | 111 | * status: this field contains a number of status bits that give extra |
234445b4 | 112 | information about the status of the device (Like: is the watchdog timer |
b4ffb190 | 113 | running/active, or is the nowayout bit set). |
ef90174f JBT |
114 | * deferred: entry in wtd_deferred_reg_list which is used to |
115 | register early initialized watchdogs. | |
43316044 WVS |
116 | |
117 | The list of watchdog operations is defined as: | |
118 | ||
119 | struct watchdog_ops { | |
120 | struct module *owner; | |
121 | /* mandatory operations */ | |
122 | int (*start)(struct watchdog_device *); | |
123 | int (*stop)(struct watchdog_device *); | |
124 | /* optional operations */ | |
125 | int (*ping)(struct watchdog_device *); | |
2fa03560 | 126 | unsigned int (*status)(struct watchdog_device *); |
014d694e | 127 | int (*set_timeout)(struct watchdog_device *, unsigned int); |
df044e02 | 128 | int (*set_pretimeout)(struct watchdog_device *, unsigned int); |
fd7b673c | 129 | unsigned int (*get_timeleft)(struct watchdog_device *); |
2165bf52 | 130 | int (*restart)(struct watchdog_device *); |
78d88fc0 | 131 | long (*ioctl)(struct watchdog_device *, unsigned int, unsigned long); |
43316044 WVS |
132 | }; |
133 | ||
134 | It is important that you first define the module owner of the watchdog timer | |
135 | driver's operations. This module owner will be used to lock the module when | |
136 | the watchdog is active. (This to avoid a system crash when you unload the | |
137 | module and /dev/watchdog is still open). | |
e907df32 | 138 | |
43316044 WVS |
139 | Some operations are mandatory and some are optional. The mandatory operations |
140 | are: | |
141 | * start: this is a pointer to the routine that starts the watchdog timer | |
142 | device. | |
143 | The routine needs a pointer to the watchdog timer device structure as a | |
144 | parameter. It returns zero on success or a negative errno code for failure. | |
43316044 WVS |
145 | |
146 | Not all watchdog timer hardware supports the same functionality. That's why | |
147 | all other routines/operations are optional. They only need to be provided if | |
148 | they are supported. These optional routines/operations are: | |
d0684c8a GR |
149 | * stop: with this routine the watchdog timer device is being stopped. |
150 | The routine needs a pointer to the watchdog timer device structure as a | |
151 | parameter. It returns zero on success or a negative errno code for failure. | |
152 | Some watchdog timer hardware can only be started and not be stopped. A | |
153 | driver supporting such hardware does not have to implement the stop routine. | |
154 | If a driver has no stop function, the watchdog core will set WDOG_HW_RUNNING | |
155 | and start calling the driver's keepalive pings function after the watchdog | |
156 | device is closed. | |
157 | If a watchdog driver does not implement the stop function, it must set | |
158 | max_hw_heartbeat_ms. | |
43316044 WVS |
159 | * ping: this is the routine that sends a keepalive ping to the watchdog timer |
160 | hardware. | |
161 | The routine needs a pointer to the watchdog timer device structure as a | |
162 | parameter. It returns zero on success or a negative errno code for failure. | |
163 | Most hardware that does not support this as a separate function uses the | |
164 | start function to restart the watchdog timer hardware. And that's also what | |
165 | the watchdog timer driver core does: to send a keepalive ping to the watchdog | |
166 | timer hardware it will either use the ping operation (when available) or the | |
167 | start operation (when the ping operation is not available). | |
c2dc00e4 WVS |
168 | (Note: the WDIOC_KEEPALIVE ioctl call will only be active when the |
169 | WDIOF_KEEPALIVEPING bit has been set in the option field on the watchdog's | |
170 | info structure). | |
2fa03560 WVS |
171 | * status: this routine checks the status of the watchdog timer device. The |
172 | status of the device is reported with watchdog WDIOF_* status flags/bits. | |
90b826f1 GR |
173 | WDIOF_MAGICCLOSE and WDIOF_KEEPALIVEPING are reported by the watchdog core; |
174 | it is not necessary to report those bits from the driver. Also, if no status | |
175 | function is provided by the driver, the watchdog core reports the status bits | |
176 | provided in the bootstatus variable of struct watchdog_device. | |
014d694e WVS |
177 | * set_timeout: this routine checks and changes the timeout of the watchdog |
178 | timer device. It returns 0 on success, -EINVAL for "parameter out of range" | |
b10f7c12 HG |
179 | and -EIO for "could not write value to the watchdog". On success this |
180 | routine should set the timeout value of the watchdog_device to the | |
181 | achieved timeout value (which may be different from the requested one | |
664a3923 GR |
182 | because the watchdog does not necessarily have a 1 second resolution). |
183 | Drivers implementing max_hw_heartbeat_ms set the hardware watchdog heartbeat | |
184 | to the minimum of timeout and max_hw_heartbeat_ms. Those drivers set the | |
185 | timeout value of the watchdog_device either to the requested timeout value | |
186 | (if it is larger than max_hw_heartbeat_ms), or to the achieved timeout value. | |
014d694e WVS |
187 | (Note: the WDIOF_SETTIMEOUT needs to be set in the options field of the |
188 | watchdog's info structure). | |
fb32e9b9 GR |
189 | If the watchdog driver does not have to perform any action but setting the |
190 | watchdog_device.timeout, this callback can be omitted. | |
191 | If set_timeout is not provided but, WDIOF_SETTIMEOUT is set, the watchdog | |
192 | infrastructure updates the timeout value of the watchdog_device internally | |
193 | to the requested value. | |
df044e02 WS |
194 | If the pretimeout feature is used (WDIOF_PRETIMEOUT), then set_timeout must |
195 | also take care of checking if pretimeout is still valid and set up the timer | |
196 | accordingly. This can't be done in the core without races, so it is the | |
197 | duty of the driver. | |
198 | * set_pretimeout: this routine checks and changes the pretimeout value of | |
199 | the watchdog. It is optional because not all watchdogs support pretimeout | |
200 | notification. The timeout value is not an absolute time, but the number of | |
201 | seconds before the actual timeout would happen. It returns 0 on success, | |
202 | -EINVAL for "parameter out of range" and -EIO for "could not write value to | |
203 | the watchdog". A value of 0 disables pretimeout notification. | |
204 | (Note: the WDIOF_PRETIMEOUT needs to be set in the options field of the | |
205 | watchdog's info structure). | |
206 | If the watchdog driver does not have to perform any action but setting the | |
207 | watchdog_device.pretimeout, this callback can be omitted. That means if | |
208 | set_pretimeout is not provided but WDIOF_PRETIMEOUT is set, the watchdog | |
209 | infrastructure updates the pretimeout value of the watchdog_device internally | |
210 | to the requested value. | |
fd7b673c | 211 | * get_timeleft: this routines returns the time that's left before a reset. |
2165bf52 DR |
212 | * restart: this routine restarts the machine. It returns 0 on success or a |
213 | negative errno code for failure. | |
78d88fc0 WVS |
214 | * ioctl: if this routine is present then it will be called first before we do |
215 | our own internal ioctl call handling. This routine should return -ENOIOCTLCMD | |
216 | if a command is not supported. The parameters that are passed to the ioctl | |
217 | call are: watchdog_device, cmd and arg. | |
43316044 WVS |
218 | |
219 | The status bits should (preferably) be set with the set_bit and clear_bit alike | |
220 | bit-operations. The status bits that are defined are: | |
234445b4 | 221 | * WDOG_ACTIVE: this status bit indicates whether or not a watchdog timer device |
ee142889 GR |
222 | is active or not from user perspective. User space is expected to send |
223 | heartbeat requests to the driver while this flag is set. | |
7e192b9c WVS |
224 | * WDOG_NO_WAY_OUT: this bit stores the nowayout setting for the watchdog. |
225 | If this bit is set then the watchdog timer will not be able to stop. | |
ee142889 GR |
226 | * WDOG_HW_RUNNING: Set by the watchdog driver if the hardware watchdog is |
227 | running. The bit must be set if the watchdog timer hardware can not be | |
228 | stopped. The bit may also be set if the watchdog timer is running after | |
229 | booting, before the watchdog device is opened. If set, the watchdog | |
230 | infrastructure will send keepalives to the watchdog hardware while | |
231 | WDOG_ACTIVE is not set. | |
232 | Note: when you register the watchdog timer device with this bit set, | |
233 | then opening /dev/watchdog will skip the start operation but send a keepalive | |
234 | request instead. | |
017cf080 | 235 | |
ff0b3cd4 WVS |
236 | To set the WDOG_NO_WAY_OUT status bit (before registering your watchdog |
237 | timer device) you can either: | |
238 | * set it statically in your watchdog_device struct with | |
239 | .status = WATCHDOG_NOWAYOUT_INIT_STATUS, | |
240 | (this will set the value the same as CONFIG_WATCHDOG_NOWAYOUT) or | |
241 | * use the following helper function: | |
242 | static inline void watchdog_set_nowayout(struct watchdog_device *wdd, int nowayout) | |
243 | ||
7e192b9c WVS |
244 | Note: The WatchDog Timer Driver Core supports the magic close feature and |
245 | the nowayout feature. To use the magic close feature you must set the | |
246 | WDIOF_MAGICCLOSE bit in the options field of the watchdog's info structure. | |
247 | The nowayout feature will overrule the magic close feature. | |
43316044 WVS |
248 | |
249 | To get or set driver specific data the following two helper functions should be | |
250 | used: | |
251 | ||
252 | static inline void watchdog_set_drvdata(struct watchdog_device *wdd, void *data) | |
253 | static inline void *watchdog_get_drvdata(struct watchdog_device *wdd) | |
254 | ||
255 | The watchdog_set_drvdata function allows you to add driver specific data. The | |
256 | arguments of this function are the watchdog device where you want to add the | |
257 | driver specific data to and a pointer to the data itself. | |
258 | ||
259 | The watchdog_get_drvdata function allows you to retrieve driver specific data. | |
260 | The argument of this function is the watchdog device where you want to retrieve | |
e1986521 | 261 | data from. The function returns the pointer to the driver specific data. |
3048253e FP |
262 | |
263 | To initialize the timeout field, the following function can be used: | |
264 | ||
265 | extern int watchdog_init_timeout(struct watchdog_device *wdd, | |
266 | unsigned int timeout_parm, struct device *dev); | |
267 | ||
268 | The watchdog_init_timeout function allows you to initialize the timeout field | |
269 | using the module timeout parameter or by retrieving the timeout-sec property from | |
270 | the device tree (if the module timeout parameter is invalid). Best practice is | |
271 | to set the default timeout value as timeout value in the watchdog_device and | |
272 | then use this function to set the user "preferred" timeout value. | |
273 | This routine returns zero on success and a negative errno code for failure. | |
2165bf52 | 274 | |
e1313196 DR |
275 | To disable the watchdog on reboot, the user must call the following helper: |
276 | ||
277 | static inline void watchdog_stop_on_reboot(struct watchdog_device *wdd); | |
278 | ||
bb292ac1 GR |
279 | To disable the watchdog when unregistering the watchdog, the user must call |
280 | the following helper. Note that this will only stop the watchdog if the | |
281 | nowayout flag is not set. | |
282 | ||
283 | static inline void watchdog_stop_on_unregister(struct watchdog_device *wdd); | |
284 | ||
2165bf52 DR |
285 | To change the priority of the restart handler the following helper should be |
286 | used: | |
287 | ||
288 | void watchdog_set_restart_priority(struct watchdog_device *wdd, int priority); | |
289 | ||
290 | User should follow the following guidelines for setting the priority: | |
291 | * 0: should be called in last resort, has limited restart capabilities | |
292 | * 128: default restart handler, use if no other handler is expected to be | |
293 | available, and/or if restart is sufficient to restart the entire system | |
294 | * 255: highest priority, will preempt all other restart handlers | |
ff84136c VZ |
295 | |
296 | To raise a pretimeout notification, the following function should be used: | |
297 | ||
298 | void watchdog_notify_pretimeout(struct watchdog_device *wdd) | |
299 | ||
300 | The function can be called in the interrupt context. If watchdog pretimeout | |
301 | governor framework (kbuild CONFIG_WATCHDOG_PRETIMEOUT_GOV symbol) is enabled, | |
302 | an action is taken by a preconfigured pretimeout governor preassigned to | |
303 | the watchdog device. If watchdog pretimeout governor framework is not | |
304 | enabled, watchdog_notify_pretimeout() prints a notification message to | |
305 | the kernel log buffer. |