From 7273c8416adbc1d56d1c1b419a17fcae2a57c0f2 Mon Sep 17 00:00:00 2001
From: Peter Barker
Date: Wed, 16 Aug 2023 12:18:52 +1000
Subject: [PATCH] AP_HAL_ChibiOS: prevent Periph bricking problem when paniccing early

if Periph panics before we mark the scheduler as initialised then we don't watchdog, which we really need to do on periph nodes so they can be re-flashed conveniently.
---
 libraries/AP_HAL_ChibiOS/Scheduler.cpp | 9 +++++++++
 libraries/AP_HAL_ChibiOS/hwdef/scripts/defaults_periph.h | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/libraries/AP_HAL_ChibiOS/Scheduler.cpp b/libraries/AP_HAL_ChibiOS/Scheduler.cpp
index 817980fad0..71c279db72 100644
--- a/libraries/AP_HAL_ChibiOS/Scheduler.cpp
+++ b/libraries/AP_HAL_ChibiOS/Scheduler.cpp
@@ -79,6 +79,13 @@ THD_WORKING_AREA(_storage_thread_wa, STORAGE_THD_WA_SIZE);
 THD_WORKING_AREA(_monitor_thread_wa, MONITOR_THD_WA_SIZE);
 #endif
+// while the vehicle is being initialised we expect there to be random
+// delays which may exceed the watchdog timeout. By default, We pat
+// the watchdog in the timer thread during setup to avoid the watchdog:
+#ifndef AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED
+#define AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED 1
+#endif
+
 Scheduler::Scheduler()
 {
 }
@@ -372,10 +379,12 @@ void Scheduler::_rcout_thread(void *arg)
 */
 bool Scheduler::in_expected_delay(void) const
 {
+#if AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED
 if (!_initialized) {
 // until setup() is complete we expect delays
 return true;
 }
+#endif
 if (expect_delay_start != 0) {
 uint32_t now = AP_HAL::millis();
 if (now - expect_delay_start <= expect_delay_length) {
diff --git a/libraries/AP_HAL_ChibiOS/hwdef/scripts/defaults_periph.h b/libraries/AP_HAL_ChibiOS/hwdef/scripts/defaults_periph.h
index 066c35a66a..cb03e89df9 100644
--- a/libraries/AP_HAL_ChibiOS/hwdef/scripts/defaults_periph.h
+++ b/libraries/AP_HAL_ChibiOS/hwdef/scripts/defaults_periph.h
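Review bot: The comment above the new `AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED` fallback in Scheduler.cpp describes only the default and trails off at "to avoid the watchdog:", so it never says what a value of 0 does or why a build would choose it. I would end it with something like `// set to 0 to stop patting before setup() completes, so an early panic ends in a watchdog reset`. Because the fallback here is 1, a Periph build only gets the safer behaviour if defaults_periph.h is seen before this point; the include chain is not visible in the hunk, so that ordering is worth confirming.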
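Review bot: With the macro at 0, `in_expected_delay()` reports an expected delay during setup only while an `expect_delay_start` window is open, so any Periph initialisation step that legitimately blocks for longer than the watchdog timeout would now reset the node on every boot. That trade looks deliberate, but it is not written down where the next maintainer will meet it; I would add inside the `#if` a comment such as `// compiled out on AP_Periph: slow init steps must open an expect_delay_ms() window or the watchdog resets the node`. The function's doc comment starts before the hunk and its body continues past it, so I cannot see whether the header comment already mentions the compile-time switch; if it does not, it should.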
@@ -328,3 +328,10 @@
 #ifndef HAL_BOARD_TERRAIN_DIRECTORY
 #define HAL_BOARD_TERRAIN_DIRECTORY "/APM/TERRAIN"
 #endif
+
+// for boards other than AP_Periph we are always expecting delays when
+// not initialised. We can't afford that on AP_Periph as you may end
+// up with a bricked node if you write a bad firmware to it.
+#ifndef AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED
+#define AP_HAL_CHIBIOS_IN_EXPECTED_DELAY_WHEN_NOT_INITIALISED 0
+#endif