> I am trying to correctly reboot a system from within 
> the kernel, after a watchdog fails. 
> 
> The watchdog code is implemented with the 
> timeout((void*)function name,context,time) 
> which recursively calls the watchdog function. When 
> the watchdog times out, the timer is not reenabled 
> and the cpu_reboot function is called. 

cpu_reboot() needs to run in process context so it can block waiting
for i/o to complete, while timeout functions run in interrupt context.
You can't call tsleep in an interrupt routine.

You have a few options, depending on what sort of failure you're
attempting to protect against..

 - On x86, cpu_reset() should work in an interrupt routine, but it
won't sync out the buffer cache and cleanly unmount the filesystem.

 - you can spawn a kernel thread (look at sys/kern/kern_kthread.c),
and have it tsleep() waiting for a wakeup() from your watchdog timeout
routine, and have your timeout function wake it up; this can call
cpu_reboot() for a clean shutdown; however, if the system is stuck
looping at interrupt level, it will never get a chance to run.

The truly paranoid would probably use a hardware watchdog timer..

				- Bill