1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2004 Poul-Henning Kamp
5 * Copyright (c) 2013 iXsystems.com,
6 * author: Alfred Perlstein <alfred@freebsd.org>
7 *
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer
15 * in this position and unchanged.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 */
32
33 #include "opt_ddb.h"
34
35 #include <sys/param.h>
36 #include <sys/bus.h>
37 #include <sys/conf.h>
38 #include <sys/eventhandler.h>
39 #include <sys/kdb.h>
40 #include <sys/kernel.h>
41 #include <sys/malloc.h>
42 #include <sys/module.h>
43 #include <sys/mutex.h>
44 #include <sys/sysctl.h>
45 #include <sys/syslog.h>
46 #include <sys/systm.h>
47 #include <sys/uio.h>
48 #include <sys/watchdog.h>
49 #include <machine/bus.h>
50
51 #include <sys/syscallsubr.h> /* kern_clock_gettime() */
52
53 static int wd_set_pretimeout(int newtimeout, int disableiftoolong);
54 static void wd_timeout_cb(void *arg);
55
56 static struct callout wd_pretimeo_handle;
57 static int wd_pretimeout;
58 static int wd_pretimeout_act = WD_SOFT_LOG;
59
60 static struct callout wd_softtimeo_handle;
61 static int wd_softtimer; /* true = use softtimer instead of hardware
62 watchdog */
63 static int wd_softtimeout_act = WD_SOFT_LOG; /* action for the software timeout */
64
65 static struct cdev *wd_dev;
66 static volatile u_int wd_last_u; /* last timeout value set by kern_do_pat */
67 static u_int wd_last_u_sysctl; /* last timeout value set by kern_do_pat */
68 static u_int wd_last_u_sysctl_secs; /* wd_last_u in seconds */
69
70 SYSCTL_NODE(_hw, OID_AUTO, watchdog, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
71 "Main watchdog device");
72 SYSCTL_UINT(_hw_watchdog, OID_AUTO, wd_last_u, CTLFLAG_RD,
73 &wd_last_u_sysctl, 0, "Watchdog last update time");
74 SYSCTL_UINT(_hw_watchdog, OID_AUTO, wd_last_u_secs, CTLFLAG_RD,
75 &wd_last_u_sysctl_secs, 0, "Watchdog last update time");
76
77 static int wd_lastpat_valid = 0;
78 static time_t wd_lastpat = 0; /* when the watchdog was last patted */
79
80 /* Hook for external software watchdog to register for use if needed */
81 void (*wdog_software_attach)(void);
82
83 static void
pow2ns_to_ts(int pow2ns,struct timespec * ts)84 pow2ns_to_ts(int pow2ns, struct timespec *ts)
85 {
86 uint64_t ns;
87
88 ns = 1ULL << pow2ns;
89 ts->tv_sec = ns / 1000000000ULL;
90 ts->tv_nsec = ns % 1000000000ULL;
91 }
92
93 static int
pow2ns_to_ticks(int pow2ns)94 pow2ns_to_ticks(int pow2ns)
95 {
96 struct timeval tv;
97 struct timespec ts;
98
99 pow2ns_to_ts(pow2ns, &ts);
100 TIMESPEC_TO_TIMEVAL(&tv, &ts);
101 return (tvtohz(&tv));
102 }
103
104 static int
seconds_to_pow2ns(int seconds)105 seconds_to_pow2ns(int seconds)
106 {
107 uint64_t power;
108 uint64_t ns;
109 uint64_t shifted;
110
111 ns = ((uint64_t)seconds) * 1000000000ULL;
112 power = flsll(ns);
113 shifted = 1ULL << power;
114 if (shifted <= ns) {
115 power++;
116 }
117 return (power);
118 }
119
120 int
wdog_kern_pat(u_int utim)121 wdog_kern_pat(u_int utim)
122 {
123 int error;
124 static int first = 1;
125
126 if ((utim & WD_LASTVAL) != 0 && (utim & WD_INTERVAL) > 0)
127 return (EINVAL);
128
129 if ((utim & WD_LASTVAL) != 0) {
130 /*
131 * if WD_LASTVAL is set, fill in the bits for timeout
132 * from the saved value in wd_last_u.
133 */
134 MPASS((wd_last_u & ~WD_INTERVAL) == 0);
135 utim &= ~WD_LASTVAL;
136 utim |= wd_last_u;
137 } else {
138 /*
139 * Otherwise save the new interval.
140 * This can be zero (to disable the watchdog)
141 */
142 wd_last_u = (utim & WD_INTERVAL);
143 wd_last_u_sysctl = wd_last_u;
144 wd_last_u_sysctl_secs = pow2ns_to_ticks(wd_last_u) / hz;
145 }
146 if ((utim & WD_INTERVAL) == WD_TO_NEVER) {
147 utim = 0;
148
149 /* Assume all is well; watchdog signals failure. */
150 error = 0;
151 } else {
152 /* Assume no watchdog available; watchdog flags success */
153 error = EOPNOTSUPP;
154 }
155 if (wd_softtimer) {
156 if (utim == 0) {
157 callout_stop(&wd_softtimeo_handle);
158 } else {
159 (void) callout_reset(&wd_softtimeo_handle,
160 pow2ns_to_ticks(utim), wd_timeout_cb, "soft");
161 }
162 error = 0;
163 } else {
164 EVENTHANDLER_INVOKE(watchdog_list, utim, &error);
165 }
166 /*
167 * If we no hardware watchdog responded, we have not tried to
168 * attach an external software watchdog, and one is available,
169 * attach it now and retry.
170 */
171 if (error == EOPNOTSUPP && first && *wdog_software_attach != NULL) {
172 (*wdog_software_attach)();
173 EVENTHANDLER_INVOKE(watchdog_list, utim, &error);
174 }
175 first = 0;
176
177 wd_set_pretimeout(wd_pretimeout, true);
178 /*
179 * If we were able to arm/strobe the watchdog, then
180 * update the last time it was strobed for WDIOC_GETTIMELEFT
181 */
182 if (!error) {
183 struct timespec ts;
184
185 error = kern_clock_gettime(curthread /* XXX */,
186 CLOCK_MONOTONIC_FAST, &ts);
187 if (!error) {
188 wd_lastpat = ts.tv_sec;
189 wd_lastpat_valid = 1;
190 }
191 }
192 return (error);
193 }
194
195 static int
wd_valid_act(int act)196 wd_valid_act(int act)
197 {
198
199 if ((act & ~(WD_SOFT_MASK)) != 0)
200 return false;
201 return true;
202 }
203
204 static int
wd_ioctl_patpat(caddr_t data)205 wd_ioctl_patpat(caddr_t data)
206 {
207 u_int u;
208
209 u = *(u_int *)data;
210 if (u & ~(WD_ACTIVE | WD_PASSIVE | WD_LASTVAL | WD_INTERVAL))
211 return (EINVAL);
212 if ((u & (WD_ACTIVE | WD_PASSIVE)) == (WD_ACTIVE | WD_PASSIVE))
213 return (EINVAL);
214 if ((u & (WD_ACTIVE | WD_PASSIVE)) == 0 && ((u & WD_INTERVAL) > 0 ||
215 (u & WD_LASTVAL) != 0))
216 return (EINVAL);
217 if (u & WD_PASSIVE)
218 return (ENOSYS); /* XXX Not implemented yet */
219 u &= ~(WD_ACTIVE | WD_PASSIVE);
220
221 return (wdog_kern_pat(u));
222 }
223
224 static int
wd_get_time_left(struct thread * td,time_t * remainp)225 wd_get_time_left(struct thread *td, time_t *remainp)
226 {
227 struct timespec ts;
228 int error;
229
230 error = kern_clock_gettime(td, CLOCK_MONOTONIC_FAST, &ts);
231 if (error)
232 return (error);
233 if (!wd_lastpat_valid)
234 return (ENOENT);
235 *remainp = ts.tv_sec - wd_lastpat;
236 return (0);
237 }
238
239 static void
wd_timeout_cb(void * arg)240 wd_timeout_cb(void *arg)
241 {
242 const char *type = arg;
243
244 #ifdef DDB
245 if ((wd_pretimeout_act & WD_SOFT_DDB)) {
246 char kdb_why[80];
247 snprintf(kdb_why, sizeof(kdb_why), "watchdog %s-timeout", type);
248 kdb_backtrace();
249 kdb_enter(KDB_WHY_WATCHDOG, kdb_why);
250 }
251 #endif
252 if ((wd_pretimeout_act & WD_SOFT_LOG))
253 log(LOG_EMERG, "watchdog %s-timeout, WD_SOFT_LOG\n", type);
254 if ((wd_pretimeout_act & WD_SOFT_PRINTF))
255 printf("watchdog %s-timeout, WD_SOFT_PRINTF\n", type);
256 if ((wd_pretimeout_act & WD_SOFT_PANIC))
257 panic("watchdog %s-timeout, WD_SOFT_PANIC set", type);
258 }
259
260 /*
261 * Called to manage timeouts.
262 * newtimeout needs to be in the range of 0 to actual watchdog timeout.
263 * if 0, we disable the pre-timeout.
264 * otherwise we set the pre-timeout provided it's not greater than the
265 * current actual watchdog timeout.
266 */
267 static int
wd_set_pretimeout(int newtimeout,int disableiftoolong)268 wd_set_pretimeout(int newtimeout, int disableiftoolong)
269 {
270 u_int utime;
271 struct timespec utime_ts;
272 int timeout_ticks;
273
274 utime = wdog_kern_last_timeout();
275 pow2ns_to_ts(utime, &utime_ts);
276 /* do not permit a pre-timeout >= than the timeout. */
277 if (newtimeout >= utime_ts.tv_sec) {
278 /*
279 * If 'disableiftoolong' then just fall through
280 * so as to disable the pre-watchdog
281 */
282 if (disableiftoolong)
283 newtimeout = 0;
284 else
285 return EINVAL;
286 }
287
288 /* disable the pre-timeout */
289 if (newtimeout == 0) {
290 wd_pretimeout = 0;
291 callout_stop(&wd_pretimeo_handle);
292 return 0;
293 }
294
295 timeout_ticks = pow2ns_to_ticks(utime) - (hz*newtimeout);
296 #if 0
297 printf("wd_set_pretimeout: "
298 "newtimeout: %d, "
299 "utime: %d -> utime_ticks: %d, "
300 "hz*newtimeout: %d, "
301 "timeout_ticks: %d -> sec: %d\n",
302 newtimeout,
303 utime, pow2ns_to_ticks(utime),
304 hz*newtimeout,
305 timeout_ticks, timeout_ticks / hz);
306 #endif
307
308 /* We determined the value is sane, so reset the callout */
309 (void) callout_reset(&wd_pretimeo_handle,
310 timeout_ticks, wd_timeout_cb, "pre");
311 wd_pretimeout = newtimeout;
312 return 0;
313 }
314
315 static int
wd_ioctl(struct cdev * dev __unused,u_long cmd,caddr_t data,int flags __unused,struct thread * td)316 wd_ioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
317 int flags __unused, struct thread *td)
318 {
319 u_int u;
320 time_t timeleft;
321 int error;
322
323 error = 0;
324
325 switch (cmd) {
326 case WDIOC_SETSOFT:
327 u = *(int *)data;
328 /* do nothing? */
329 if (u == wd_softtimer)
330 break;
331 /* If there is a pending timeout disallow this ioctl */
332 if (wd_last_u != 0) {
333 error = EINVAL;
334 break;
335 }
336 wd_softtimer = u;
337 break;
338 case WDIOC_SETSOFTTIMEOUTACT:
339 u = *(int *)data;
340 if (wd_valid_act(u)) {
341 wd_softtimeout_act = u;
342 } else {
343 error = EINVAL;
344 }
345 break;
346 case WDIOC_SETPRETIMEOUTACT:
347 u = *(int *)data;
348 if (wd_valid_act(u)) {
349 wd_pretimeout_act = u;
350 } else {
351 error = EINVAL;
352 }
353 break;
354 case WDIOC_GETPRETIMEOUT:
355 *(int *)data = (int)wd_pretimeout;
356 break;
357 case WDIOC_SETPRETIMEOUT:
358 error = wd_set_pretimeout(*(int *)data, false);
359 break;
360 case WDIOC_GETTIMELEFT:
361 error = wd_get_time_left(td, &timeleft);
362 if (error)
363 break;
364 *(int *)data = (int)timeleft;
365 break;
366 case WDIOC_SETTIMEOUT:
367 u = *(u_int *)data;
368 error = wdog_kern_pat(seconds_to_pow2ns(u));
369 break;
370 case WDIOC_GETTIMEOUT:
371 u = wdog_kern_last_timeout();
372 *(u_int *)data = u;
373 break;
374 case WDIOCPATPAT:
375 error = wd_ioctl_patpat(data);
376 break;
377 default:
378 error = ENOIOCTL;
379 break;
380 }
381 return (error);
382 }
383
384 /*
385 * Return the last timeout set, this is NOT the seconds from NOW until timeout,
386 * rather it is the amount of seconds passed to WDIOCPATPAT/WDIOC_SETTIMEOUT.
387 */
388 u_int
wdog_kern_last_timeout(void)389 wdog_kern_last_timeout(void)
390 {
391
392 return (wd_last_u);
393 }
394
395 static struct cdevsw wd_cdevsw = {
396 .d_version = D_VERSION,
397 .d_ioctl = wd_ioctl,
398 .d_name = "watchdog",
399 };
400
401 static int
watchdog_modevent(module_t mod __unused,int type,void * data __unused)402 watchdog_modevent(module_t mod __unused, int type, void *data __unused)
403 {
404 switch(type) {
405 case MOD_LOAD:
406 callout_init(&wd_pretimeo_handle, 1);
407 callout_init(&wd_softtimeo_handle, 1);
408 wd_dev = make_dev(&wd_cdevsw, 0,
409 UID_ROOT, GID_WHEEL, 0600, _PATH_WATCHDOG);
410 return 0;
411 case MOD_UNLOAD:
412 callout_stop(&wd_pretimeo_handle);
413 callout_stop(&wd_softtimeo_handle);
414 callout_drain(&wd_pretimeo_handle);
415 callout_drain(&wd_softtimeo_handle);
416 destroy_dev(wd_dev);
417 return 0;
418 case MOD_SHUTDOWN:
419 return 0;
420 default:
421 return EOPNOTSUPP;
422 }
423 }
424
425 DEV_MODULE(watchdog, watchdog_modevent, NULL);
426