diff mbox series

[v1] watchdog: imx2_wdt: clear WDOG_HW_RUNNING before suspend

Message ID 1620732032-7675-1-git-send-email-yibin.gong@nxp.com (mailing list archive)
State Changes Requested
Headers show
Series [v1] watchdog: imx2_wdt: clear WDOG_HW_RUNNING before suspend | expand

Commit Message

Robin Gong May 11, 2021, 11:20 a.m. UTC
Since watchdog_ping_work is not freezable so that it maybe scheduled before
imx2_wdt_resume where watchdog clock enabled, hence, kernel will hang in
imx2_wdt_ping without clock, and then watchdog reset happen. Prevent the
above case by clearing WDOG_HW_RUNNING before suspend, and restore it with
ping in imx2_wdt_resume.

Signed-off-by: Robin Gong <yibin.gong@nxp.com>
---
 drivers/watchdog/imx2_wdt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

Guenter Roeck May 11, 2021, 3:59 a.m. UTC | #1
On 5/11/21 4:20 AM, Robin Gong wrote:
> Since watchdog_ping_work is not freezable so that it maybe scheduled before
> imx2_wdt_resume where watchdog clock enabled, hence, kernel will hang in
> imx2_wdt_ping without clock, and then watchdog reset happen. Prevent the
> above case by clearing WDOG_HW_RUNNING before suspend, and restore it with
> ping in imx2_wdt_resume.
> 
> Signed-off-by: Robin Gong <yibin.gong@nxp.com>
> ---
>   drivers/watchdog/imx2_wdt.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/watchdog/imx2_wdt.c b/drivers/watchdog/imx2_wdt.c
> index b84f80f..d3751e9 100644
> --- a/drivers/watchdog/imx2_wdt.c
> +++ b/drivers/watchdog/imx2_wdt.c
> @@ -357,6 +357,13 @@ static int __maybe_unused imx2_wdt_suspend(struct device *dev)
>   		 */
>   		__imx2_wdt_set_timeout(wdog, IMX2_WDT_MAX_TIME);
>   		imx2_wdt_ping(wdog);
> +
> +		/*
> +		 * clear WDOG_HW_RUNNING to prevent watchdog_ping_work running
> +		 * before imx2_wdt_resume where clock enabled, otherwise kernel
> +		 * will hang and watchdog reset happen then.
> +		 */
> +		clear_bit(WDOG_HW_RUNNING, &wdog->status);
>   	}
>   
>   	clk_disable_unprepare(wdev->clk);
> @@ -386,6 +393,7 @@ static int __maybe_unused imx2_wdt_resume(struct device *dev)
>   	if (imx2_wdt_is_running(wdev)) {
>   		imx2_wdt_set_timeout(wdog, wdog->timeout);
>   		imx2_wdt_ping(wdog);
> +		set_bit(WDOG_HW_RUNNING, &wdog->status);
>   	}
>   
>   	return 0;
> 
I really don't like this; it depends on assumptions how the watchdog
core works, and it misuses WDOG_HW_RUNNING to indicate that the clock
is stopped (or that the driver is in suspend mode).

If ping doesn't work with the clock stopped, I think it would be much
better to have a flag indicating that the clock is stopped, and have
the ping function do nothing if it is called with stopped clock
(ie if suspended).

Guenter
Robin Gong May 12, 2021, 11:34 a.m. UTC | #2
On 2021/05/11 11:59 Guenter Roeck <groeck7@gmail.com> wrote: 
> On 5/11/21 4:20 AM, Robin Gong wrote:
> > Since watchdog_ping_work is not freezable so that it maybe scheduled
> > before imx2_wdt_resume where watchdog clock enabled, hence, kernel
> > will hang in imx2_wdt_ping without clock, and then watchdog reset
> > happen. Prevent the above case by clearing WDOG_HW_RUNNING before
> > suspend, and restore it with ping in imx2_wdt_resume.
> >
> > Signed-off-by: Robin Gong <yibin.gong@nxp.com>
> > ---
> >   drivers/watchdog/imx2_wdt.c | 8 ++++++++
> >   1 file changed, 8 insertions(+)
> >
> > diff --git a/drivers/watchdog/imx2_wdt.c b/drivers/watchdog/imx2_wdt.c
> > index b84f80f..d3751e9 100644
> > --- a/drivers/watchdog/imx2_wdt.c
> > +++ b/drivers/watchdog/imx2_wdt.c
> > @@ -357,6 +357,13 @@ static int __maybe_unused
> imx2_wdt_suspend(struct device *dev)
> >   		 */
> >   		__imx2_wdt_set_timeout(wdog, IMX2_WDT_MAX_TIME);
> >   		imx2_wdt_ping(wdog);
> > +
> > +		/*
> > +		 * clear WDOG_HW_RUNNING to prevent watchdog_ping_work
> running
> > +		 * before imx2_wdt_resume where clock enabled, otherwise kernel
> > +		 * will hang and watchdog reset happen then.
> > +		 */
> > +		clear_bit(WDOG_HW_RUNNING, &wdog->status);
> >   	}
> >
> >   	clk_disable_unprepare(wdev->clk);
> > @@ -386,6 +393,7 @@ static int __maybe_unused imx2_wdt_resume(struct
> device *dev)
> >   	if (imx2_wdt_is_running(wdev)) {
> >   		imx2_wdt_set_timeout(wdog, wdog->timeout);
> >   		imx2_wdt_ping(wdog);
> > +		set_bit(WDOG_HW_RUNNING, &wdog->status);
> >   	}
> >
> >   	return 0;
> >
> I really don't like this; it depends on assumptions how the watchdog core
> works, and it misuses WDOG_HW_RUNNING to indicate that the clock is
> stopped (or that the driver is in suspend mode).
> 
> If ping doesn't work with the clock stopped, I think it would be much better to
> have a flag indicating that the clock is stopped, and have the ping function do
> nothing if it is called with stopped clock (ie if suspended).
> 
Understood, but I think that corner case should be a common potential issue
in all watchdog drivers which disable clock in suspend with WDOG_HW_RUNNING.
So common way looks better than many different specific flags in such different
watchdog driver with the similar intention?

BTW, for i.mx2_wdt which watchdog can't be stop unless kernel enter into suspend,
that seems like watchdog stop after suspend and clear WDOG_HW_RUNNING makes
sense?
Guenter Roeck May 12, 2021, 2:14 p.m. UTC | #3
On Wed, May 12, 2021 at 11:34:37AM +0000, Robin Gong wrote:
> On 2021/05/11 11:59 Guenter Roeck <groeck7@gmail.com> wrote: 
> > On 5/11/21 4:20 AM, Robin Gong wrote:
> > > Since watchdog_ping_work is not freezable so that it maybe scheduled
> > > before imx2_wdt_resume where watchdog clock enabled, hence, kernel
> > > will hang in imx2_wdt_ping without clock, and then watchdog reset
> > > happen. Prevent the above case by clearing WDOG_HW_RUNNING before
> > > suspend, and restore it with ping in imx2_wdt_resume.
> > >
> > > Signed-off-by: Robin Gong <yibin.gong@nxp.com>
> > > ---
> > >   drivers/watchdog/imx2_wdt.c | 8 ++++++++
> > >   1 file changed, 8 insertions(+)
> > >
> > > diff --git a/drivers/watchdog/imx2_wdt.c b/drivers/watchdog/imx2_wdt.c
> > > index b84f80f..d3751e9 100644
> > > --- a/drivers/watchdog/imx2_wdt.c
> > > +++ b/drivers/watchdog/imx2_wdt.c
> > > @@ -357,6 +357,13 @@ static int __maybe_unused
> > imx2_wdt_suspend(struct device *dev)
> > >   		 */
> > >   		__imx2_wdt_set_timeout(wdog, IMX2_WDT_MAX_TIME);
> > >   		imx2_wdt_ping(wdog);
> > > +
> > > +		/*
> > > +		 * clear WDOG_HW_RUNNING to prevent watchdog_ping_work
> > running
> > > +		 * before imx2_wdt_resume where clock enabled, otherwise kernel
> > > +		 * will hang and watchdog reset happen then.
> > > +		 */
> > > +		clear_bit(WDOG_HW_RUNNING, &wdog->status);
> > >   	}
> > >
> > >   	clk_disable_unprepare(wdev->clk);
> > > @@ -386,6 +393,7 @@ static int __maybe_unused imx2_wdt_resume(struct
> > device *dev)
> > >   	if (imx2_wdt_is_running(wdev)) {
> > >   		imx2_wdt_set_timeout(wdog, wdog->timeout);
> > >   		imx2_wdt_ping(wdog);
> > > +		set_bit(WDOG_HW_RUNNING, &wdog->status);
> > >   	}
> > >
> > >   	return 0;
> > >
> > I really don't like this; it depends on assumptions how the watchdog core
> > works, and it misuses WDOG_HW_RUNNING to indicate that the clock is
> > stopped (or that the driver is in suspend mode).
> > 
> > If ping doesn't work with the clock stopped, I think it would be much better to
> > have a flag indicating that the clock is stopped, and have the ping function do
> > nothing if it is called with stopped clock (ie if suspended).
> > 
> Understood, but I think that corner case should be a common potential issue
> in all watchdog drivers which disable clock in suspend with WDOG_HW_RUNNING.
> So common way looks better than many different specific flags in such different
> watchdog driver with the similar intention?
> 

We can not assume that the situation is exactly the same for all drivers
and use a core flag to indicate some driver specific state just to avoid
a driver-internal flag.

Either case, it looks like you are saying that the watchdog can be stopped
after all, by disabling its clock.

> BTW, for i.mx2_wdt which watchdog can't be stop unless kernel enter into suspend,
> that seems like watchdog stop after suspend and clear WDOG_HW_RUNNING makes
> sense? 
> 

Yes, if you make it official and add a stop function which disables the watchdog
by stopping its clock. Then the driver should not set WDOG_HW_RUNNING in the
first place, and use the normal mechanisms to start and stop the watchdog.
That would include starting the clock in the start function, and stopping it
in the stop function.

Thanks,
Guenter
Robin Gong May 13, 2021, 3:49 a.m. UTC | #4
On 5/12/21 22:15 Guenter Roeck <groeck7@gmail.com> wrote:
> We can not assume that the situation is exactly the same for all drivers and
> use a core flag to indicate some driver specific state just to avoid a
> driver-internal flag.
> 
> Either case, it looks like you are saying that the watchdog can be stopped after
> all, by disabling its clock.
> 
> > BTW, for i.mx2_wdt which watchdog can't be stop unless kernel enter
> > into suspend, that seems like watchdog stop after suspend and clear
> > WDOG_HW_RUNNING makes sense?
> >
> 
> Yes, if you make it official and add a stop function which disables the
> watchdog by stopping its clock. Then the driver should not set
> WDOG_HW_RUNNING in the first place, and use the normal mechanisms to
> start and stop the watchdog.
> That would include starting the clock in the start function, and stopping it in
> the stop function.
> 
Sorry, watchdog can't be stopped by disabling clock. The only way to stop watchdog
is SOC enter Deep Sleep Mode(suspend) and stopped by HW,  so the suspend flow
looks like 'watchdog stop' which I though WDOG_HW_RUNNING makes sense. 
Okay, I will use internal flag instead of WDOG_HW_RUNNING in v2, thanks.
diff mbox series

Patch

diff --git a/drivers/watchdog/imx2_wdt.c b/drivers/watchdog/imx2_wdt.c
index b84f80f..d3751e9 100644
--- a/drivers/watchdog/imx2_wdt.c
+++ b/drivers/watchdog/imx2_wdt.c
@@ -357,6 +357,13 @@  static int __maybe_unused imx2_wdt_suspend(struct device *dev)
 		 */
 		__imx2_wdt_set_timeout(wdog, IMX2_WDT_MAX_TIME);
 		imx2_wdt_ping(wdog);
+
+		/*
+		 * clear WDOG_HW_RUNNING to prevent watchdog_ping_work running
+		 * before imx2_wdt_resume where clock enabled, otherwise kernel
+		 * will hang and watchdog reset happen then.
+		 */
+		clear_bit(WDOG_HW_RUNNING, &wdog->status);
 	}
 
 	clk_disable_unprepare(wdev->clk);
@@ -386,6 +393,7 @@  static int __maybe_unused imx2_wdt_resume(struct device *dev)
 	if (imx2_wdt_is_running(wdev)) {
 		imx2_wdt_set_timeout(wdog, wdog->timeout);
 		imx2_wdt_ping(wdog);
+		set_bit(WDOG_HW_RUNNING, &wdog->status);
 	}
 
 	return 0;