On Tue, 2019-01-15 at 19:27 -0700, Jerry Hoemann wrote: > On Mon, Jan 14, 2019 at 07:36:14AM +0500, Ivan Mironov wrote: > > Existing code disables watchdog on NMI right before completely hanging > > the system. > > > > There are two problems here: > > > > * First, watchdog is expected to reset the system in a case of such > > failure, no matter what. > > Documentation/watchdog/watchdog-api.txt > > explicitly allows for pretimeout NMI and generation of kernel crash dumps. > > By removing hpwdt_stop the system will likely fail to crash dump > as there is only 9 seconds between receipt of a NMI and the iLO > resetting the system. > > Unfortunately, kdump is not without issues and can also be difficult > to properly configure either of which can result in failure to dump > and reset. > > Customers who value availability over kdump collection, the pretimeout > NMI can be disabled and hardware will not issue the pretimeout NMI > and will only do reset. > > A middle ground for those who want tombstones but not kdump, would > be to leave the pretimeout NMI enabled and add "panic=N" to the > Linux command line. That way after the panic, the tombstone is > printed and the system resets after N seconds. > > Somehow I missed the whole pretimout thing when reading about the watchdog API. Thanks for clarification, now code makes much more sense =). Still, I do not really understand the point of enabling of kdump support in hpwdt driver by default while kdump is not enabled by default. Also, existing code may call hpwdt_stop() (and thus break watchdog) even if pretimout is disabled. Also, "panic=N" option is not providing a way to *not* panic on NMI unrelated with iLO. This could be circumvented by blacklisting the hpwdt module entirely, but normal watchdog functionality would be lost then. It is possible to rebuild kernel without HPWDT_NMI_DECODING (which is enabled in Fedora, for example). But it is nearly impossible to come to this solution without examining the source code, because description of this option does not mention that it is really about pretimout support and panics and not about something else... I would say that current default behavior of hpwd is slightly confusing in multiple different ways. > > > * Second, this code has no effect if there are more than one watchdog. > > That is correct. Hpwdt will not turn off any other WDT. > > I don't see a current method of notifying other watchdogs > that a given watchdog is going to take the system down. > > The closest I hook see is watchdog_notify_pretimeout, but I don't > see that notifying other WDT. Its not clear to me that it should. > (e.g. the second WDT could be of longer duration and protect against > kdump hanging. This would need to be thought through.) > > > > > Signed-off-by: Ivan Mironov <mironov.ivan@xxxxxxxxx> > > --- > > drivers/watchdog/hpwdt.c | 2 -- > > 1 file changed, 2 deletions(-) > > > > diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c > > index ef30c7e9728d..2467e6bc25c2 100644 > > --- a/drivers/watchdog/hpwdt.c > > +++ b/drivers/watchdog/hpwdt.c > > @@ -170,8 +170,6 @@ static int hpwdt_pretimeout(unsigned int ulReason, struct pt_regs *regs) > > if (ilo5 && !pretimeout && !mynmi) > > return NMI_DONE; > > > > - hpwdt_stop(); > > - > > hex_byte_pack(panic_msg, mynmi); > > nmi_panic(regs, panic_msg); > > > > -- > > 2.20.1