From 4eaf6e77be34a1c217623c8c9ec3312bd11399e9 Mon Sep 17 00:00:00 2001
From: bresch <brescianimathieu@gmail.com>
Date: Wed, 30 Jan 2019 16:33:27 +0100
Subject: [PATCH] Flight termination - Always send flag to IO without checking
 the circuit breaker. The circuit breaker is used inside IO to decide if it
 has to go into failsafe if FMU dies and also controls is the FailureDetector
 sets the force_failsafe flag. The other sources of flight termination (rc
 loss, geo fence, ...) are not disabled by the circuit breaker

---
 src/drivers/px4io/px4io.cpp                      |  3 +--
 src/lib/circuit_breaker/circuit_breaker_params.c | 10 ++--------
 src/modules/px4iofirmware/mixer.cpp              |  1 +
 3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/src/drivers/px4io/px4io.cpp b/src/drivers/px4io/px4io.cpp
index 97b20f3b80..cd1542e7d4 100644
--- a/src/drivers/px4io/px4io.cpp
+++ b/src/drivers/px4io/px4io.cpp
@@ -1372,8 +1372,7 @@ PX4IO::io_set_arming_state()
 			_lockdown_override = false;
 		}
 
-		/* Do not set failsafe if circuit breaker is enabled */
-		if (armed.force_failsafe && !_cb_flighttermination) {
+		if (armed.force_failsafe) {
 			set |= PX4IO_P_SETUP_ARMING_FORCE_FAILSAFE;
 
 		} else {
diff --git a/src/lib/circuit_breaker/circuit_breaker_params.c b/src/lib/circuit_breaker/circuit_breaker_params.c
index 9567861a0f..6939cdb91b 100644
--- a/src/lib/circuit_breaker/circuit_breaker_params.c
+++ b/src/lib/circuit_breaker/circuit_breaker_params.c
@@ -103,14 +103,8 @@ PARAM_DEFINE_INT32(CBRK_AIRSPD_CHK, 0);
 /**
  * Circuit breaker for flight termination
  *
- * Setting this parameter to 121212 will disable the flight termination action.
- * If configured, flight termination can be triggered as a failsafe action of the following failures:
- * - RC or data link is lost
- * - The vehicle moves outside the geofence
- * - The FailureDetector reports a failure (e.g.: attitude failure).
- * - GPS is lost, height estimate is not available and RC is lost
- * Flight termination is also triggered on the IO processor if FMU is lost.
- * => With this circuit breaker enabled, flight termination will never be exectued, even if configured.
+ * Setting this parameter to 121212 will disable the flight termination action if triggered
+ * by the FailureDetector logic or if FMU is lost.
  * WARNING: ENABLING THIS CIRCUIT BREAKER IS AT OWN RISK
  *
  * @reboot_required true
diff --git a/src/modules/px4iofirmware/mixer.cpp b/src/modules/px4iofirmware/mixer.cpp
index 78dc5ace3e..2a87ccc2cc 100644
--- a/src/modules/px4iofirmware/mixer.cpp
+++ b/src/modules/px4iofirmware/mixer.cpp
@@ -235,6 +235,7 @@ mixer_tick(void)
 		should_arm &&
 		/* and FMU is initialized */
 		(r_status_flags & PX4IO_P_STATUS_FLAGS_FMU_INITIALIZED)) {
+		/* FMU is then dead -> force failsafe */
 		PX4_ATOMIC_MODIFY_OR(r_setup_arming, PX4IO_P_SETUP_ARMING_FORCE_FAILSAFE);
 	}