watchdog-api.txt 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238
  1. Last reviewed: 10/05/2007
  2. The Linux Watchdog driver API.
  3. Copyright 2002 Christer Weingel <wingel@nano-system.com>
  4. Some parts of this document are copied verbatim from the sbc60xxwdt
  5. driver which is (c) Copyright 2000 Jakob Oestergaard <jakob@ostenfeld.dk>
  6. This document describes the state of the Linux 2.4.18 kernel.
  7. Introduction:
  8. A Watchdog Timer (WDT) is a hardware circuit that can reset the
  9. computer system in case of a software fault. You probably knew that
  10. already.
  11. Usually a userspace daemon will notify the kernel watchdog driver via the
  12. /dev/watchdog special device file that userspace is still alive, at
  13. regular intervals. When such a notification occurs, the driver will
  14. usually tell the hardware watchdog that everything is in order, and
  15. that the watchdog should wait for yet another little while to reset
  16. the system. If userspace fails (RAM error, kernel bug, whatever), the
  17. notifications cease to occur, and the hardware watchdog will reset the
  18. system (causing a reboot) after the timeout occurs.
  19. The Linux watchdog API is a rather ad-hoc construction and different
  20. drivers implement different, and sometimes incompatible, parts of it.
  21. This file is an attempt to document the existing usage and allow
  22. future driver writers to use it as a reference.
  23. The simplest API:
  24. All drivers support the basic mode of operation, where the watchdog
  25. activates as soon as /dev/watchdog is opened and will reboot unless
  26. the watchdog is pinged within a certain time, this time is called the
  27. timeout or margin. The simplest way to ping the watchdog is to write
  28. some data to the device. So a very simple watchdog daemon would look
  29. like this source file: see Documentation/watchdog/src/watchdog-simple.c
  30. A more advanced driver could for example check that a HTTP server is
  31. still responding before doing the write call to ping the watchdog.
  32. When the device is closed, the watchdog is disabled, unless the "Magic
  33. Close" feature is supported (see below). This is not always such a
  34. good idea, since if there is a bug in the watchdog daemon and it
  35. crashes the system will not reboot. Because of this, some of the
  36. drivers support the configuration option "Disable watchdog shutdown on
  37. close", CONFIG_WATCHDOG_NOWAYOUT. If it is set to Y when compiling
  38. the kernel, there is no way of disabling the watchdog once it has been
  39. started. So, if the watchdog daemon crashes, the system will reboot
  40. after the timeout has passed. Watchdog devices also usually support
  41. the nowayout module parameter so that this option can be controlled at
  42. runtime.
  43. Magic Close feature:
  44. If a driver supports "Magic Close", the driver will not disable the
  45. watchdog unless a specific magic character 'V' has been sent to
  46. /dev/watchdog just before closing the file. If the userspace daemon
  47. closes the file without sending this special character, the driver
  48. will assume that the daemon (and userspace in general) died, and will
  49. stop pinging the watchdog without disabling it first. This will then
  50. cause a reboot if the watchdog is not re-opened in sufficient time.
  51. The ioctl API:
  52. All conforming drivers also support an ioctl API.
  53. Pinging the watchdog using an ioctl:
  54. All drivers that have an ioctl interface support at least one ioctl,
  55. KEEPALIVE. This ioctl does exactly the same thing as a write to the
  56. watchdog device, so the main loop in the above program could be
  57. replaced with:
  58. while (1) {
  59. ioctl(fd, WDIOC_KEEPALIVE, 0);
  60. sleep(10);
  61. }
  62. the argument to the ioctl is ignored.
  63. Setting and getting the timeout:
  64. For some drivers it is possible to modify the watchdog timeout on the
  65. fly with the SETTIMEOUT ioctl, those drivers have the WDIOF_SETTIMEOUT
  66. flag set in their option field. The argument is an integer
  67. representing the timeout in seconds. The driver returns the real
  68. timeout used in the same variable, and this timeout might differ from
  69. the requested one due to limitation of the hardware.
  70. int timeout = 45;
  71. ioctl(fd, WDIOC_SETTIMEOUT, &timeout);
  72. printf("The timeout was set to %d seconds\n", timeout);
  73. This example might actually print "The timeout was set to 60 seconds"
  74. if the device has a granularity of minutes for its timeout.
  75. Starting with the Linux 2.4.18 kernel, it is possible to query the
  76. current timeout using the GETTIMEOUT ioctl.
  77. ioctl(fd, WDIOC_GETTIMEOUT, &timeout);
  78. printf("The timeout was is %d seconds\n", timeout);
  79. Pretimeouts:
  80. Some watchdog timers can be set to have a trigger go off before the
  81. actual time they will reset the system. This can be done with an NMI,
  82. interrupt, or other mechanism. This allows Linux to record useful
  83. information (like panic information and kernel coredumps) before it
  84. resets.
  85. pretimeout = 10;
  86. ioctl(fd, WDIOC_SETPRETIMEOUT, &pretimeout);
  87. Note that the pretimeout is the number of seconds before the time
  88. when the timeout will go off. It is not the number of seconds until
  89. the pretimeout. So, for instance, if you set the timeout to 60 seconds
  90. and the pretimeout to 10 seconds, the pretimout will go of in 50
  91. seconds. Setting a pretimeout to zero disables it.
  92. There is also a get function for getting the pretimeout:
  93. ioctl(fd, WDIOC_GETPRETIMEOUT, &timeout);
  94. printf("The pretimeout was is %d seconds\n", timeout);
  95. Not all watchdog drivers will support a pretimeout.
  96. Get the number of seconds before reboot:
  97. Some watchdog drivers have the ability to report the remaining time
  98. before the system will reboot. The WDIOC_GETTIMELEFT is the ioctl
  99. that returns the number of seconds before reboot.
  100. ioctl(fd, WDIOC_GETTIMELEFT, &timeleft);
  101. printf("The timeout was is %d seconds\n", timeleft);
  102. Environmental monitoring:
  103. All watchdog drivers are required return more information about the system,
  104. some do temperature, fan and power level monitoring, some can tell you
  105. the reason for the last reboot of the system. The GETSUPPORT ioctl is
  106. available to ask what the device can do:
  107. struct watchdog_info ident;
  108. ioctl(fd, WDIOC_GETSUPPORT, &ident);
  109. the fields returned in the ident struct are:
  110. identity a string identifying the watchdog driver
  111. firmware_version the firmware version of the card if available
  112. options a flags describing what the device supports
  113. the options field can have the following bits set, and describes what
  114. kind of information that the GET_STATUS and GET_BOOT_STATUS ioctls can
  115. return. [FIXME -- Is this correct?]
  116. WDIOF_OVERHEAT Reset due to CPU overheat
  117. The machine was last rebooted by the watchdog because the thermal limit was
  118. exceeded
  119. WDIOF_FANFAULT Fan failed
  120. A system fan monitored by the watchdog card has failed
  121. WDIOF_EXTERN1 External relay 1
  122. External monitoring relay/source 1 was triggered. Controllers intended for
  123. real world applications include external monitoring pins that will trigger
  124. a reset.
  125. WDIOF_EXTERN2 External relay 2
  126. External monitoring relay/source 2 was triggered
  127. WDIOF_POWERUNDER Power bad/power fault
  128. The machine is showing an undervoltage status
  129. WDIOF_CARDRESET Card previously reset the CPU
  130. The last reboot was caused by the watchdog card
  131. WDIOF_POWEROVER Power over voltage
  132. The machine is showing an overvoltage status. Note that if one level is
  133. under and one over both bits will be set - this may seem odd but makes
  134. sense.
  135. WDIOF_KEEPALIVEPING Keep alive ping reply
  136. The watchdog saw a keepalive ping since it was last queried.
  137. WDIOF_SETTIMEOUT Can set/get the timeout
  138. The watchdog can do pretimeouts.
  139. WDIOF_PRETIMEOUT Pretimeout (in seconds), get/set
  140. For those drivers that return any bits set in the option field, the
  141. GETSTATUS and GETBOOTSTATUS ioctls can be used to ask for the current
  142. status, and the status at the last reboot, respectively.
  143. int flags;
  144. ioctl(fd, WDIOC_GETSTATUS, &flags);
  145. or
  146. ioctl(fd, WDIOC_GETBOOTSTATUS, &flags);
  147. Note that not all devices support these two calls, and some only
  148. support the GETBOOTSTATUS call.
  149. Some drivers can measure the temperature using the GETTEMP ioctl. The
  150. returned value is the temperature in degrees fahrenheit.
  151. int temperature;
  152. ioctl(fd, WDIOC_GETTEMP, &temperature);
  153. Finally the SETOPTIONS ioctl can be used to control some aspects of
  154. the cards operation.
  155. int options = 0;
  156. ioctl(fd, WDIOC_SETOPTIONS, &options);
  157. The following options are available:
  158. WDIOS_DISABLECARD Turn off the watchdog timer
  159. WDIOS_ENABLECARD Turn on the watchdog timer
  160. WDIOS_TEMPPANIC Kernel panic on temperature trip
  161. [FIXME -- better explanations]