Re: Is there any supported watchdog hardware straight out of the box?

2019-04-27 Thread Igor Podlesny
On Sat, 27 Apr 2019 at 17:55, Stuart Henderson  wrote:
[...]
> It is not true. They don't have *wide* support but there is some
> supported hw. If someone wants to change this, I suggest adding acpi
> watchdog support would give the best return for time spent.

Got it.

> Also I don't see what this has to do with watchdogs

Well, it's just due to:
> >> Recompiling would be needed.

> you would normally
> not want to wait until userland starts and LKMs are loaded before arming
> the watchdog.

Well, in theory it couldn't be more correct. In practice though hangs
aren't happening that often so a module won't have time to load and
start. At least if it would be that bad I won't rely on watchdogs at all.

Thank you nonetheless. :)




Re: Is there any supported watchdog hardware straight out of the box?

2019-04-27 Thread Stuart Henderson
On 2019-04-27, Igor Podlesny  wrote:
> On Fri, 26 Apr 2019 at 22:58, Stuart Henderson  wrote:
>> On 2019-04-26, Igor Podlesny  wrote:
>> > Or would kernel's recompiling be needed anyways?
> [...]
>> Recompiling would be needed.
>>
>> If you want to try it, see faq 5 about fetching the source tree,
>> add "ichwdt* at pci?" to /sys/arch/amd64/conf/GENERIC. then see faq 5
>> about building a kernel.
>
> Thanks for confirmation and brief how-to even. I'd like to clarify the
> matter in more general ways though.
>
> 1) Is it true that more or less fresh OpenBSD generic kernels come with
> no support of any watchdog hw?

It is not true. They don't have *wide* support but there is some
supported hw. If someone wants to change this, I suggest adding acpi
watchdog support would give the best return for time spent.

> 2) I heard that kernel modules were intentionally rid of in OpenBSD
> primarily due security concerns -- did it really happen for that reason?
> If so, and I assume that happened long ago, were there any developer's
> opinions to undo this? Actually even not taking crypto verification
> approach (modules signing) one could always have secure level increased
> high enough to cut down this vector of attacks completely.

LKM added a bunch of complexity to all kernels with only a small benefit
to a small subset of users, and there's a viable alternative (build your
own kernels rather than just the module). It's not like a kernel build
takes all that long.

> OTOH, it's well known that dynamic loading approach greatly expands
> functionality of OS and makes it more convenient to use.

They also gave an easy way for people to add crap to their kernels.
At least with static kernels we can identify from dmesg when somebody
reporting a problem is running something other than a standard kernel
build. With LKMs this is gone, the most we'll have is a printf, but
people reporting bugs have a tendency to remove things they don't want
to show or think are unimportant.

Also I don't see what this has to do with watchdogs, you would normally
not want to wait until userland starts and LKMs are loaded before arming
the watchdog.
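
As an added illustration of the dmesg point in the message above (not part of the thread and not OpenBSD project code): a small sh check that reads a bug report's dmesg and tells a standard kernel from a locally built one, such as a GENERIC edited to enable ichwdt. The sample dmesg text, the builder strings and the "wdt" name heuristic are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed dmesg text with
# two boots: a release-style kernel, then a locally built GENERIC + ichwdt.
SAMPLE='OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
pci0 at mainbus0 bus 0
OpenBSD 6.5 (GENERIC) #0: Sat Apr 27 10:02:11 UTC 2019
    root@guest.example.org:/usr/src/sys/arch/amd64/compile/GENERIC
pci0 at mainbus0 bus 0
ichwdt0 at pci0 dev 4 function 0 "Intel 6300ESB WDT" rev 0x00'

# Keep only the lines of the most recent boot; the buffer may hold several.
last_boot() {
    awk '/^OpenBSD [^ ]+ \(.*\) #[0-9]+:/ { n = 0 }
         { line[n++] = $0 }
         END { for (i = 0; i < n; i++) print line[i] }'
}

# Config name from the boot banner, e.g. GENERIC.MP.
kernel_config() {
    last_boot | sed -n '1s/^OpenBSD [^ ]* (\([^)]*\)) #.*/\1/p'
}

# "user@host" that built the kernel, from the line after the banner.
kernel_builder() {
    last_boot | sed -n '2s/^[[:space:]]*\([^:]*\):.*/\1/p'
}

# Succeed only if the last boot ran GENERIC or GENERIC.MP built by $1,
# the builder string taken from a known-good reference install (assumption).
is_stock_kernel() {
    dmesg_text=$(cat)
    case "$(printf '%s\n' "$dmesg_text" | kernel_config)" in
        GENERIC|GENERIC.MP) ;;
        *) return 1 ;;
    esac
    [ "$(printf '%s\n' "$dmesg_text" | kernel_builder)" = "$1" ]
}

# Watchdog devices attached in the last boot. Heuristic: driver names that
# end in "wdt" (ichwdt and similar); other watchdog drivers are not matched.
watchdog_devices() {
    last_boot | sed -n 's/^\([a-z]*wdt[0-9][0-9]*\) at .*/\1/p'
}

# Live use: dmesg | is_stock_kernel "<builder from your reference install>"
```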



Re: Is there any supported watchdog hardware straight out of the box?

2019-04-26 Thread Igor Podlesny
On Sat, 27 Apr 2019 at 12:12, Theo de Raadt  wrote:
> Igor Podlesny  wrote:
[...]
> > 1) Is it true that more or less fresh OpenBSD generic kernels come with
> > no support of any watchdog hw?
> No.

I see.

> > 2) I heard that kernel modules were intentionally rid of in OpenBSD
> > primarily due security concerns -- did it really happen for that reason?
> No.

I see.

> > If so, and I assume that happened long ago, were there any developer's
> > opinions to undo this?
> No.

Well, since it was rid of not due security -- that q-n doesn't matter.
But thanks!

[...]
> > completely.
>
> Huh?  crypto implies security is amateur logic.  If only it were

I didn't say so. Just asked w/o any implies.

> that simple, we'd add crypto to garbage and get secure garbage.

I looked for pertinent reply on the matter not garbage analogies. ;-P
Look, if you're bored with that q-ns why don't you just skip it? I
didn't ask personally you.

> > OTOH, it's well known that dynamic loading approach greatly expands
> > functionality of OS and makes it more convenient to use.
>
> OK, then I am happy to inform you Linux has everything you want, except
> it also has a ton of other things you probably don't want ... alas.

I'm well informed about Linux, NetBSD and you Theo and about lots of
different things. Some of them surely don't really change with time. ;-P
Traditions11




Re: Is there any supported watchdog hardware straight out of the box?

2019-04-26 Thread Theo de Raadt
Igor Podlesny  wrote:

> On Fri, 26 Apr 2019 at 22:58, Stuart Henderson  wrote:
> > On 2019-04-26, Igor Podlesny  wrote:
> > > Or would kernel's recompiling be needed anyways?
> [...]
> > Recompiling would be needed.
> >
> > If you want to try it, see faq 5 about fetching the source tree,
> > add "ichwdt* at pci?" to /sys/arch/amd64/conf/GENERIC. then see faq 5
> > about building a kernel.
> 
> Thanks for confirmation and brief how-to even. I'd like to clarify the
> matter in more general ways though.
> 
> 1) Is it true that more or less fresh OpenBSD generic kernels come with
> no support of any watchdog hw?

No.
> 
> 2) I heard that kernel modules were intentionally rid of in OpenBSD
> primarily due security concerns -- did it really happen for that reason?

No.

> If so, and I assume that happened long ago, were there any developer's
> opinions to undo this?

No.

> Actually even not taking crypto verification approach (modules signing)
> one could always have secure level increased high enough to cut down
> this vector of attacks completely.

Huh?  crypto implies security is amateur logic.  If only it were
that simple, we'd add crypto to garbage and get secure garbage.

> OTOH, it's well known that dynamic loading approach greatly expands
> functionality of OS and makes it more convenient to use.

OK, then I am happy to inform you Linux has everything you want, except
it also has a ton of other things you probably don't want ... alas.



Re: Is there any supported watchdog hardware straight out of the box?

2019-04-26 Thread Igor Podlesny
On Fri, 26 Apr 2019 at 22:58, Stuart Henderson  wrote:
> On 2019-04-26, Igor Podlesny  wrote:
> > Or would kernel's recompiling be needed anyways?
[...]
> Recompiling would be needed.
>
> If you want to try it, see faq 5 about fetching the source tree,
> add "ichwdt* at pci?" to /sys/arch/amd64/conf/GENERIC. then see faq 5
> about building a kernel.

Thanks for confirmation and brief how-to even. I'd like to clarify the matter in
more general ways though.

1) Is it true that more or less fresh OpenBSD generic kernels come with
no support of any watchdog hw?

2) I heard that kernel modules were intentionally rid of in OpenBSD
primarily due security concerns -- did it really happen for that reason?
If so, and I assume that happened long ago, were there any developer's
opinions to undo this? Actually even not taking crypto verification
approach (modules signing) one could always have secure level increased
high enough to cut down this vector of attacks completely.
OTOH, it's well known that dynamic loading approach greatly expands
functionality of OS and makes it more convenient to use.




Re: Is there any supported watchdog hardware straight out of the box?

2019-04-26 Thread Stuart Henderson
On 2019-04-26, Igor Podlesny  wrote:
> Or would kernel's recompiling be needed anyways?
>
> Moreover, I'm actually interested in intersection of watchdogs provided
> by KVM and supported by OpenBSD (as KVM's guest). At least as to KVM's
> it's gonna be a short list:
>
> 1) i6300esb (PCI)
> 2) ib700 (ISA)
>
> Attempt with 1st item shows its driver isn't compiled. Moreover, I've
> found this in mail list archives:
>
> revision 1.411
> date: 2005/05/02 17:26:00;  author: grange;  state: Exp;  lines: +2 -1;
> Add ichwdt(4): Intel 6300ESB ICH watchdog timer driver. Disabled for
> now due to lack of testing. If you have a machine that uses this
> device please contact me.
>
> Is there no solution of this task in OpenBSD 6.x?
>

Recompiling would be needed.

If you want to try it, see faq 5 about fetching the source tree,
add "ichwdt* at pci?" to /sys/arch/amd64/conf/GENERIC. then see faq 5
about building a kernel.




Is there any supported watchdog hardware straight out of the box?

2019-04-26 Thread Igor Podlesny
Or would kernel's recompiling be needed anyways?

Moreover, I'm actually interested in intersection of watchdogs provided
by KVM and supported by OpenBSD (as KVM's guest). At least as to KVM's
it's gonna be a short list:

1) i6300esb (PCI)
2) ib700 (ISA)

Attempt with 1st item shows its driver isn't compiled. Moreover, I've
found this in mail list archives:

revision 1.411
date: 2005/05/02 17:26:00;  author: grange;  state: Exp;  lines: +2 -1;
Add ichwdt(4): Intel 6300ESB ICH watchdog timer driver. Disabled for
now due to lack of testing. If you have a machine that uses this
device please contact me.

Is there no solution of this task in OpenBSD 6.x?
