Re: SP805 driver

[Leif Lindholm <leif.lindholm@linaro.org>]

On Tue, Dec 18, 2018 at 12:30:34PM +0000, Udit Kumar wrote:
> > > >"If no handler has been registered, or the registered handler
> > > >returns, then the system will be reset by calling the Runtime Service
> > > >ResetSystem()."
> > > I believe,  this handler needs to be called by wdt driver after wdt is
> > > expired. Meaning , we want wdt to work without resetting the system.
> > > Therefore a mask is needed with wdt, which will prevent to reset the
> > > system.   I see it working, at least for SP805, because of PMU mask
> > > bits.
> > 
> > Yes, if the WDT can be configured to generate an interrupt instead of a
> > hardware reset, it can be used to implement this protocol.
> 
> Here I am just thinking of one condition , some application started the wdt
> and CPU got stuck somewhere in ISR routine, 
> Now this wdt is expired. We will end up in hang system. 
> I agree doing reset in graceful manner is always great, but In this case, resetting the 
> as it is, will be more useful. 
> 
> Thought ? 

The short answer is:
That would violate the specification, so what is the purpose of
debating the merit?

The longer answer is:
The comparison conflates software and hardware watchdogs. There is
nothing saying a system couldn't have both.

But giving someone a hardware watchdog when they explicitly ask for a
software one is not OK.

> > > Also ArmPkg/Drivers/GenericWatchdogDxe/GenericWatchdogDxe.c has this
> > limitation.
> > > I haven’t read spec of this wdt.  I hope there should a mask around.
> > 
> > No, the situation for the GenericWatchdogDxe is not as dire.
> > 
> > Correct: it does not permit registering software handlers (which perhaps we
> > should do something about, but is ... acceptable).
> > 
> > _But_, it still conforms to the above text; when the timer expires, it resets the
> > system by calling the ResetSystem() service. It does not directly force a
> > hardware reset.
> 
> Hmm, this does partly by calling  ResetSystem(), however this does not 
> Allow to install handler in WatchdogRegisterHandler.

As I said, it's acceptable - it's not ideal.

> > The severe problem is not the lack of the ability to register the software handler
> > (which does remove much of the utility), but the removal of reset control from
> > the system firmware.
> > 
> > > Coming back to hardware, which does not have mask around wdt, how to
> > > implement this feature.
> > 
> > Simple - you can't.
> > 
> > You can absolutely implement exactly the functionality you have today, with
> > minimal changes to the protocol - it just should not be registered as an
> > implementation of EFI_WATCHDOG_TIMER_ARCH_PROTOCOL.
> 
> I believe,  EFI_WATCHDOG_TIMER_ARCH_PROTOCOL is must 
> Are you suggesting to EFI_WATCHDOG_TIMER_ARCH_PROTOCOL from MdeModulePkg
> and hook platform specific code with this.
> Or simply register EFI_WATCHDOG_TIMER_ARCH_PROTOCOL with dummy functions.

Are you referring to
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf?

That is certainly what most of the platforms in edk2-platforms use.

The EFI_WATCHDOG_TIMER_ARCH_PROTOCOL is used by core code.

If you want to use your hardware watchdog as part of your platform
specific code, that is absolutely fine and probably a very good idea -
but it has nothing to do with this protocol. There is nothing forcing
you to use the platform-independent EFI_WATCHDOG_TIMER_ARCH_PROTOCOL
for this.

Regards,

Leif