zephyr: Task Watchdog Fallback Timeout Before Installing Timeout - STM32

Describe the bug The task watchdog using a hardware watchdog fallback must be fed upon initialization, but it is not specified/unclear in the Task Watchdog documentation that this should be the case. Not doing so will result in a hardware watchdog timeout.

Digging into the source code, I have found that calling task_wdt_init(hw_wdt) when using the hardware watchdog fallback feature enabled with CONFIG_TASK_WDT_HW_FALLBACK will result in a hardware watchdog that must be fed, regardless of whether task_wdt_add() has been called yet. My suspicion for why this is the case, at least with the STM32 LL drivers, is that the watchdog appears to be enabled down the call stack with LL_IWDG_Enable(iwdg) from the call to wdt_install_timeout() found in task_wdt_init(). My understanding is that wdt_setup() should first be called to enable a hardware watchdog that must be fed, which does happen in task_wdt_add(). The following is where the call to LL_IWDG_Enable(iwdg) occurs: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/watchdog/wdt_iwdg_stm32.c#L139

Please also mention any information which could help others to understand the problem you’re facing:

What target platform are you using? I am using a custom board with an STM32 H743VIT, however a Nucleo H743ZI dev board should replicate the issue.
What have you tried to diagnose or workaround this issue? The issue is fixed by increasing the value of CONFIG_TASK_WDT_MIN_TIMEOUT, as specified should be done in the task watchdog source code docstring (https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/task_wdt/task_wdt.c#L94). However, I still believe this is incorrect functionality, as the hardware watchdog should not need to be fed unless a task watchdog channel has been added.

To Reproduce Steps to reproduce the behavior:

add the following configurations to the prj.conf file:

CONFIG_WATCHDOG=y
CONFIG_WDT_DISABLE_AT_BOOT=y
CONFIG_TASK_WDT=y
CONFIG_TASK_WDT_HW_FALLBACK=y

make a call to task_wdt_init() with the provided hardware watchdog device
west build
west flash
See the system restart repeatedly due to a hardware watchdog failure.

Expected behavior The hardware watchdog fallback should not trigger unless a task watchdog channel has been added via the task_wdt_add() call.

Impact Unclear intended functionality.

Logs and console output Screenshot showing immediate reboot due to hardware watchdog immediately triggering from task watchdog initialization. watchdog-reboot

Call stack showing path for task_wdt_init(). call-stack

Environment (please complete the following information):

OS: Ubuntu 22.10
Zephyr SDK 0.13.1, Zephyr 3.1.0

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 17 (6 by maintainers)

Commits related to this issue

Revert "drivers: watchdog: stm32 iwdg starts with timeout install" According to the API docs, the watchdog should not be enabled in the wdt_install_timeout function. This has also caused issues descr... — committed to martinjaeger/zephyr by martinjaeger a year ago

Most upvoted comments

@erwango I never used the task watchdog. Maybe @martinjaeger can help?

alexanderwachter on Dec 22, 2022