Google Git
Sign in
third-party-mirror / systemd / refs/heads/master / . / src / shared / watchdog.c
blob: 4445efb125f4f4de8332891cceee8bdf56a21f73 [file] [log] [blame]
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <syslog.h>
#include <unistd.h>
#include <linux/watchdog.h>
#include "devnum-util.h"
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "log.h"
#include "path-util.h"
#include "string-util.h"
#include "time-util.h"
#include "watchdog.h"
static int watchdog_fd = -EBADF;
static char *watchdog_device = NULL;
static usec_t watchdog_timeout = 0; /* 0 → close device and USEC_INFINITY → don't change timeout */
static usec_t watchdog_pretimeout = 0; /* 0 → disable pretimeout and USEC_INFINITY → don't change pretimeout */
static usec_t watchdog_last_ping = USEC_INFINITY;
static bool watchdog_supports_pretimeout = false; /* Depends on kernel state that might change at runtime */
static char *watchdog_pretimeout_governor = NULL;
/* Starting from kernel version 4.5, the maximum allowable watchdog timeout is
* UINT_MAX/1000U seconds (since internal calculations are done in milliseconds
* using unsigned integers. However, the kernel's userspace API for the watchdog
* uses signed integers for its ioctl parameters (even for timeout values and
* bit flags) so this is why we must consider the maximum signed integer value
* as well.
*/
#define WATCHDOG_TIMEOUT_MAX_SEC (CONST_MIN(UINT_MAX/1000U, (unsigned)INT_MAX))
#define WATCHDOG_GOV_NAME_MAXLEN 20 /* From the kernel watchdog driver */
static int saturated_usec_to_sec(usec_t val) {
usec_t t = DIV_ROUND_UP(val, USEC_PER_SEC);
return MIN(t, (usec_t) WATCHDOG_TIMEOUT_MAX_SEC); /* Saturate to watchdog max */
}
static int get_watchdog_sysfs_path(const char *filename, char **ret_path) {
struct stat st;
if (watchdog_fd < 0)
return -EBADF;
if (fstat(watchdog_fd, &st))
return -errno;
if (!S_ISCHR(st.st_mode))
return -EBADF;
if (asprintf(ret_path, "/sys/dev/char/"DEVNUM_FORMAT_STR"/%s", DEVNUM_FORMAT_VAL(st.st_rdev), filename) < 0)
return -ENOMEM;
return 0;
}
static int get_pretimeout_governor(char **ret_gov) {
_cleanup_free_ char *sys_fn = NULL;
int r;
r = get_watchdog_sysfs_path("pretimeout_governor", &sys_fn);
if (r < 0)
return r;
log_info("Watchdog: reading from %s", sys_fn);
r = read_virtual_file(sys_fn, WATCHDOG_GOV_NAME_MAXLEN - 1, ret_gov, NULL);
if (r < 0)
return r;
delete_trailing_chars(*ret_gov, WHITESPACE);
return 0;
}
static int set_pretimeout_governor(const char *governor) {
_cleanup_free_ char *sys_fn = NULL;
int r;
if (isempty(governor))
return 0; /* Nothing to do */
r = get_watchdog_sysfs_path("pretimeout_governor", &sys_fn);
if (r < 0)
return r;
log_info("Watchdog: setting pretimeout_governor to '%s' via '%s'", governor, sys_fn);
r = write_string_file(sys_fn,
governor,
WRITE_STRING_FILE_DISABLE_BUFFER | WRITE_STRING_FILE_VERIFY_ON_FAILURE | WRITE_STRING_FILE_VERIFY_IGNORE_NEWLINE);
if (r < 0)
return log_error_errno(r, "Failed to set pretimeout_governor to '%s': %m", governor);
return r;
}
static int watchdog_set_enable(bool enable) {
int flags = enable ? WDIOS_ENABLECARD : WDIOS_DISABLECARD;
assert(watchdog_fd >= 0);
if (ioctl(watchdog_fd, WDIOC_SETOPTIONS, &flags) < 0) {
if (!enable)
return log_warning_errno(errno, "Failed to disable hardware watchdog, ignoring: %m");
/* ENOTTY means the watchdog is always enabled so we're fine */
log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, errno,
"Failed to enable hardware watchdog, ignoring: %m");
if (!ERRNO_IS_NOT_SUPPORTED(errno))
return -errno;
}
return 0;
}
static int watchdog_read_timeout(void) {
int sec = 0;
assert(watchdog_fd >= 0);
if (ioctl(watchdog_fd, WDIOC_GETTIMEOUT, &sec) < 0)
return -errno;
assert(sec > 0);
watchdog_timeout = sec * USEC_PER_SEC;
return 0;
}
static int watchdog_set_timeout(void) {
int sec;
assert(watchdog_fd >= 0);
assert(timestamp_is_set(watchdog_timeout));
sec = saturated_usec_to_sec(watchdog_timeout);
if (ioctl(watchdog_fd, WDIOC_SETTIMEOUT, &sec) < 0)
return -errno;
assert(sec > 0); /* buggy driver ? */
watchdog_timeout = sec * USEC_PER_SEC;
return 0;
}
static int watchdog_read_pretimeout(void) {
int sec = 0;
assert(watchdog_fd >= 0);
if (ioctl(watchdog_fd, WDIOC_GETPRETIMEOUT, &sec) < 0) {
watchdog_pretimeout = 0;
return log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, errno, "Failed to get pretimeout value, ignoring: %m");
}
watchdog_pretimeout = sec * USEC_PER_SEC;
return 0;
}
static int watchdog_set_pretimeout(void) {
int sec;
assert(watchdog_fd >= 0);
assert(watchdog_pretimeout != USEC_INFINITY);
sec = saturated_usec_to_sec(watchdog_pretimeout);
if (ioctl(watchdog_fd, WDIOC_SETPRETIMEOUT, &sec) < 0) {
watchdog_pretimeout = 0;
if (ERRNO_IS_NOT_SUPPORTED(errno)) {
log_info("Watchdog does not support pretimeouts.");
return 0;
}
return log_error_errno(errno, "Failed to set pretimeout to %s: %m", FORMAT_TIMESPAN(sec, USEC_PER_SEC));
}
/* The set ioctl does not return the actual value set so get it now. */
(void) watchdog_read_pretimeout();
return 0;
}
usec_t watchdog_get_last_ping(clockid_t clock) {
return map_clock_usec(watchdog_last_ping, CLOCK_BOOTTIME, clock);
}
static int watchdog_ping_now(void) {
assert(watchdog_fd >= 0);
if (ioctl(watchdog_fd, WDIOC_KEEPALIVE, 0) < 0)
return log_warning_errno(errno, "Failed to ping hardware watchdog, ignoring: %m");
watchdog_last_ping = now(CLOCK_BOOTTIME);
return 0;
}
static int update_pretimeout(void) {
_cleanup_free_ char *governor = NULL;
int r, t_sec, pt_sec;
if (watchdog_fd < 0)
return 0;
if (watchdog_timeout == USEC_INFINITY || watchdog_pretimeout == USEC_INFINITY)
return 0;
if (!watchdog_supports_pretimeout && watchdog_pretimeout == 0)
return 0; /* Nothing to do */
/* The configuration changed, do not assume it can still work, as the module(s)
* might have been unloaded. */
watchdog_supports_pretimeout = false;
/* Update the pretimeout governor as well */
(void) set_pretimeout_governor(watchdog_pretimeout_governor);
r = get_pretimeout_governor(&governor);
if (r < 0)
return log_warning_errno(r, "Watchdog: failed to read pretimeout governor: %m");
if (isempty(governor))
return log_warning_errno(SYNTHETIC_ERRNO(EINVAL),
"Watchdog: no pretimeout governor detected - is the required kernel module loaded?");
/* If we have a pretimeout governor, then pretimeout is supported. Without a governor
* pretimeout does not work at all.
* Note that this might require a kernel module that is not autoloaded, so we don't
* cache this, but we check every time the configuration changes. */
watchdog_supports_pretimeout = true;
/* Determine if the pretimeout is valid for the current watchdog timeout. */
t_sec = saturated_usec_to_sec(watchdog_timeout);
pt_sec = saturated_usec_to_sec(watchdog_pretimeout);
if (pt_sec >= t_sec) {
r = log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Cannot set watchdog pretimeout to %is (%s watchdog timeout of %is)",
pt_sec, pt_sec == t_sec ? "same as" : "longer than", t_sec);
(void) watchdog_read_pretimeout();
} else
r = watchdog_set_pretimeout();
if (watchdog_pretimeout == 0)
log_info("Watchdog pretimeout is disabled.");
else
log_info("Watchdog running with a pretimeout of %s with governor '%s'.",
FORMAT_TIMESPAN(watchdog_pretimeout, 0),
governor);
return r;
}
static int update_timeout(void) {
int r;
assert(watchdog_timeout > 0);
if (watchdog_fd < 0)
return 0;
if (watchdog_timeout != USEC_INFINITY) {
r = watchdog_set_timeout();
if (r < 0) {
if (!ERRNO_IS_NOT_SUPPORTED(r))
return log_error_errno(r, "Failed to set timeout to %s: %m",
FORMAT_TIMESPAN(watchdog_timeout, 0));
log_info("Modifying watchdog timeout is not supported, reusing the programmed timeout.");
watchdog_timeout = USEC_INFINITY;
}
}
if (watchdog_timeout == USEC_INFINITY) {
r = watchdog_read_timeout();
if (r < 0)
return log_error_errno(r, "Failed to query watchdog HW timeout: %m");
}
/* If the watchdog timeout was changed, the pretimeout could have been
* changed as well by the driver or the kernel so we need to update the
* pretimeout now. Or if the watchdog is being configured for the first
* time, we want to configure the pretimeout before it is enabled. */
(void) update_pretimeout();
r = watchdog_set_enable(true);
if (r < 0)
return r;
log_info("Watchdog running with a timeout of %s.", FORMAT_TIMESPAN(watchdog_timeout, 0));
return watchdog_ping_now();
}
static int open_watchdog(void) {
struct watchdog_info ident;
char **try_order;
int r;
if (watchdog_fd >= 0)
return 0;
/* Let's prefer new-style /dev/watchdog0 (i.e. kernel 3.5+) over classic /dev/watchdog. The former
* has the benefit that we can easily find the matching directory in sysfs from it, as the relevant
* sysfs attributes can only be found via /sys/dev/char/<major>:<minor> if the new-style device
* major/minor is used, not the old-style. */
try_order = !watchdog_device || PATH_IN_SET(watchdog_device, "/dev/watchdog", "/dev/watchdog0") ?
STRV_MAKE("/dev/watchdog0", "/dev/watchdog") : STRV_MAKE(watchdog_device);
STRV_FOREACH(wd, try_order) {
watchdog_fd = open(*wd, O_WRONLY|O_CLOEXEC);
if (watchdog_fd >= 0) {
r = free_and_strdup(&watchdog_device, *wd);
if (r < 0)
return log_oom_debug();
break;
}
if (errno != ENOENT)
return log_debug_errno(errno, "Failed to open watchdog device %s: %m", *wd);
}
if (watchdog_fd < 0)
return log_debug_errno(SYNTHETIC_ERRNO(ENOENT), "Failed to open watchdog device %s: %m", watchdog_device ?: "auto");
if (ioctl(watchdog_fd, WDIOC_GETSUPPORT, &ident) < 0)
log_debug_errno(errno, "Hardware watchdog %s does not support WDIOC_GETSUPPORT ioctl, ignoring: %m", watchdog_device);
else
log_info("Using hardware watchdog '%s', version %x, device %s",
ident.identity,
ident.firmware_version,
watchdog_device);
r = update_timeout();
if (r < 0)
watchdog_close(true);
return r;
}
const char *watchdog_get_device(void) {
return watchdog_device;
}
int watchdog_set_device(const char *path) {
int r;
r = free_and_strdup(&watchdog_device, path);
if (r > 0) /* watchdog_device changed */
watchdog_fd = safe_close(watchdog_fd);
return r;
}
int watchdog_setup(usec_t timeout) {
usec_t previous_timeout;
int r;
/* timeout=0 closes the device whereas passing timeout=USEC_INFINITY opens it (if needed)
* without configuring any particular timeout and thus reuses the programmed value (therefore
* it's a nop if the device is already opened). */
if (timeout == 0) {
watchdog_close(true);
return 0;
}
/* Let's shortcut duplicated requests */
if (watchdog_fd >= 0 && (timeout == watchdog_timeout || timeout == USEC_INFINITY))
return 0;
/* Initialize the watchdog timeout with the caller value. This value is going to be updated by
* update_timeout() with the closest value supported by the driver */
previous_timeout = watchdog_timeout;
watchdog_timeout = timeout;
if (watchdog_fd < 0)
return open_watchdog();
r = update_timeout();
if (r < 0)
watchdog_timeout = previous_timeout;
return r;
}
int watchdog_setup_pretimeout(usec_t timeout) {
/* timeout=0 disables the pretimeout whereas timeout=USEC_INFINITY is a nop. */
if ((watchdog_fd >= 0 && timeout == watchdog_pretimeout) || timeout == USEC_INFINITY)
return 0;
/* Initialize the watchdog timeout with the caller value. This value is
* going to be updated by update_pretimeout() with the running value,
* even if it fails to update the timeout. */
watchdog_pretimeout = timeout;
return update_pretimeout();
}
int watchdog_setup_pretimeout_governor(const char *governor) {
if (free_and_strdup(&watchdog_pretimeout_governor, governor) < 0)
return -ENOMEM;
return set_pretimeout_governor(watchdog_pretimeout_governor);
}
static usec_t calc_timeout(void) {
/* Calculate the effective timeout which accounts for the watchdog
* pretimeout if configured and supported. */
if (watchdog_supports_pretimeout && timestamp_is_set(watchdog_pretimeout) && watchdog_timeout >= watchdog_pretimeout)
return watchdog_timeout - watchdog_pretimeout;
else
return watchdog_timeout;
}
usec_t watchdog_runtime_wait(void) {
usec_t timeout = calc_timeout();
if (!timestamp_is_set(timeout))
return USEC_INFINITY;
/* Sleep half the watchdog timeout since the last successful ping at most */
if (timestamp_is_set(watchdog_last_ping)) {
usec_t ntime = now(CLOCK_BOOTTIME);
assert(ntime >= watchdog_last_ping);
return usec_sub_unsigned(watchdog_last_ping + (timeout / 2), ntime);
}
return timeout / 2;
}
int watchdog_ping(void) {
usec_t ntime, timeout;
if (watchdog_timeout == 0)
return 0;
if (watchdog_fd < 0)
/* open_watchdog() will automatically ping the device for us if necessary */
return open_watchdog();
ntime = now(CLOCK_BOOTTIME);
timeout = calc_timeout();
/* Never ping earlier than watchdog_timeout/4 and try to ping
* by watchdog_timeout/2 plus scheduling latencies at the latest */
if (timestamp_is_set(watchdog_last_ping)) {
assert(ntime >= watchdog_last_ping);
if ((ntime - watchdog_last_ping) < (timeout / 4))
return 0;
}
return watchdog_ping_now();
}
void watchdog_close(bool disarm) {
/* Once closed, pinging the device becomes a NOP and we request a new
* call to watchdog_setup() to open the device again. */
watchdog_timeout = 0;
if (watchdog_fd < 0)
return;
if (disarm) {
(void) watchdog_set_enable(false);
/* To be sure, use magic close logic, too */
for (;;) {
static const char v = 'V';
if (write(watchdog_fd, &v, 1) > 0)
break;
if (errno != EINTR) {
log_warning_errno(errno, "Failed to disarm watchdog timer, ignoring: %m");
break;
}
}
}
watchdog_fd = safe_close(watchdog_fd);
}