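/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2004 Poul-Henning Kamp
 * Copyright (c) 2013 iXsystems.com,
 *               author: Alfred Perlstein <alfred@freebsd.org>
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer
 *    in this position and unchanged.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "opt_ddb.h"

#include <sys/param.h>
#include <sys/bus.h>
#include <sys/conf.h>
#include <sys/eventhandler.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mutex.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/systm.h>
#include <sys/uio.h>
#include <sys/watchdog.h>
#include <machine/bus.h>

#include <sys/syscallsubr.h> /* kern_clock_gettime() */

static int wd_set_pretimeout(int newtimeout, int disableiftoolong);
static void wd_timeout_cb(void *arg);

/* Callout and state for the pre-timeout (fires before the real timeout). */
static struct callout wd_pretimeo_handle;
static int wd_pretimeout;		/* pre-timeout in seconds, 0 = off */
static int wd_pretimeout_act = WD_SOFT_LOG;

/* Callout and state for the software watchdog. */
static struct callout wd_softtimeo_handle;
static int wd_softtimer;	/* true = use softtimer instead of hardware
				   watchdog */
static int wd_softtimeout_act = WD_SOFT_LOG;	/* action for the software timeout */

static struct cdev *wd_dev;
static volatile u_int wd_last_u;    /* last timeout value set by kern_do_pat */
static u_int wd_last_u_sysctl;	    /* copy of wd_last_u exported via sysctl */
static u_int wd_last_u_sysctl_secs; /* wd_last_u in seconds */

SYSCTL_NODE(_hw, OID_AUTO, watchdog, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
    "Main watchdog device");
SYSCTL_UINT(_hw_watchdog, OID_AUTO, wd_last_u, CTLFLAG_RD,
    &wd_last_u_sysctl, 0, "Watchdog last update time");
SYSCTL_UINT(_hw_watchdog, OID_AUTO, wd_last_u_secs, CTLFLAG_RD,
    &wd_last_u_sysctl_secs, 0, "Watchdog last update time");

static int wd_lastpat_valid = 0;
static time_t wd_lastpat = 0;	/* when the watchdog was last patted */

/* Hook for external software watchdog to register for use if needed */
void (*wdog_software_attach)(void);

/*
 * Convert a power-of-two nanosecond exponent into a timespec, i.e.
 * *ts = 2^pow2ns nanoseconds.
 *
 * Callers in this file pass the WD_INTERVAL bits of a pat value, which are
 * not range-checked before they get here.  Shifting a 64-bit value by a
 * negative count or by 64 or more is undefined behaviour, so the exponent
 * is clamped to [0, 63] first: out-of-range requests saturate at the
 * shortest/longest representable interval instead of producing an
 * arbitrary one.
 */
static void
pow2ns_to_ts(int pow2ns, struct timespec *ts)
{
	uint64_t ns;

	if (pow2ns < 0)
		pow2ns = 0;
	else if (pow2ns > 63)
		pow2ns = 63;

	ns = 1ULL << pow2ns;
	ts->tv_sec = ns / 1000000000ULL;
	ts->tv_nsec = ns % 1000000000ULL;
}
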
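/*
 * Convert a power-of-two nanosecond exponent into a tick count by going
 * through pow2ns_to_ts() and tvtohz().
 */
static int
pow2ns_to_ticks(int pow2ns)
{
	struct timeval tv;
	struct timespec ts;

	pow2ns_to_ts(pow2ns, &ts);
	TIMESPEC_TO_TIMEVAL(&tv, &ts);
	return (tvtohz(&tv));
}

/*
 * Convert a timeout in seconds into the smallest power-of-two nanosecond
 * exponent that covers it.  Zero seconds yields 0.
 *
 * The parameter is a signed int: a negative value is sign-extended by the
 * cast below and yields an exponent of 64.  The shift is skipped in that
 * case because shifting a 64-bit value by 64 is undefined behaviour.
 */
static int
seconds_to_pow2ns(int seconds)
{
	uint64_t power;
	uint64_t ns;

	ns = ((uint64_t)seconds) * 1000000000ULL;
	/* flsll() is the 1-based index of the highest set bit, 0 for ns == 0 */
	power = flsll(ns);
	if (power < 64 && (1ULL << power) <= ns)
		power++;
	return (power);
}

/*
 * Arm, re-arm or disable the watchdog from kernel context.
 *
 * utim carries the interval (power-of-two ns exponent) in its WD_INTERVAL
 * bits, or WD_LASTVAL to reuse the interval saved in wd_last_u.  Supplying
 * both is rejected with EINVAL.  An interval of WD_TO_NEVER disables the
 * watchdog.
 *
 * Returns 0 on success, EOPNOTSUPP if no watchdog accepted a non-zero
 * interval, or the error from kern_clock_gettime().
 *
 * NOTE(review): the interval bits are not range-checked here before being
 * handed to pow2ns_to_ticks(); confirm that exponents of 64 and above are
 * handled where the shift is done.
 */
int
wdog_kern_pat(u_int utim)
{
	int error;
	static int first = 1;

	if ((utim & WD_LASTVAL) != 0 && (utim & WD_INTERVAL) > 0)
		return (EINVAL);

	if ((utim & WD_LASTVAL) != 0) {
		/*
		 * if WD_LASTVAL is set, fill in the bits for timeout
		 * from the saved value in wd_last_u.
		 */
		MPASS((wd_last_u & ~WD_INTERVAL) == 0);
		utim &= ~WD_LASTVAL;
		utim |= wd_last_u;
	} else {
		/*
		 * Otherwise save the new interval.
		 * This can be zero (to disable the watchdog)
		 */
		wd_last_u = (utim & WD_INTERVAL);
		wd_last_u_sysctl = wd_last_u;
		wd_last_u_sysctl_secs = pow2ns_to_ticks(wd_last_u) / hz;
	}
	if ((utim & WD_INTERVAL) == WD_TO_NEVER) {
		utim = 0;

		/* Assume all is well; watchdog signals failure. */
		error = 0;
	} else {
		/* Assume no watchdog available; watchdog flags success */
		error = EOPNOTSUPP;
	}
	if (wd_softtimer) {
		if (utim == 0) {
			callout_stop(&wd_softtimeo_handle);
		} else {
			(void) callout_reset(&wd_softtimeo_handle,
			    pow2ns_to_ticks(utim), wd_timeout_cb, "soft");
		}
		error = 0;
	} else {
		EVENTHANDLER_INVOKE(watchdog_list, utim, &error);
	}
	/*
	 * If no hardware watchdog responded, we have not tried to
	 * attach an external software watchdog, and one is available,
	 * attach it now and retry.
	 */
	if (error == EOPNOTSUPP && first && *wdog_software_attach != NULL) {
		(*wdog_software_attach)();
		EVENTHANDLER_INVOKE(watchdog_list, utim, &error);
	}
	first = 0;

	/* Re-arm the pre-timeout; it is dropped if it no longer fits. */
	wd_set_pretimeout(wd_pretimeout, true);
	/*
	 * If we were able to arm/strobe the watchdog, then
	 * update the last time it was strobed for WDIOC_GETTIMELEFT
	 */
	if (!error) {
		struct timespec ts;

		error = kern_clock_gettime(curthread /* XXX */,
		    CLOCK_MONOTONIC_FAST, &ts);
		if (!error) {
			wd_lastpat = ts.tv_sec;
			wd_lastpat_valid = 1;
		}
	}
	return (error);
}

/*
 * Return true if 'act' contains only bits from WD_SOFT_MASK.
 */
static int
wd_valid_act(int act)
{

	if ((act & ~(WD_SOFT_MASK)) != 0)
		return false;
	return true;
}

/*
 * Handle WDIOCPATPAT: validate the caller-supplied flag word and pat the
 * watchdog.
 *
 * Rejected with EINVAL: bits outside the known set, WD_ACTIVE together with
 * WD_PASSIVE, and an interval or WD_LASTVAL without either mode bit.
 * WD_PASSIVE is not implemented and returns ENOSYS.
 */
static int
wd_ioctl_patpat(caddr_t data)
{
	u_int u;

	u = *(u_int *)data;
	if (u & ~(WD_ACTIVE | WD_PASSIVE | WD_LASTVAL | WD_INTERVAL))
		return (EINVAL);
	if ((u & (WD_ACTIVE | WD_PASSIVE)) == (WD_ACTIVE | WD_PASSIVE))
		return (EINVAL);
	if ((u & (WD_ACTIVE | WD_PASSIVE)) == 0 && ((u & WD_INTERVAL) > 0 ||
	    (u & WD_LASTVAL) != 0))
		return (EINVAL);
	if (u & WD_PASSIVE)
		return (ENOSYS);	/* XXX Not implemented yet */
	/* wdog_kern_pat() only takes the interval and WD_LASTVAL bits */
	u &= ~(WD_ACTIVE | WD_PASSIVE);

	return (wdog_kern_pat(u));
}

/*
 * Backend for WDIOC_GETTIMELEFT.
 *
 * Returns ENOENT if the watchdog has never been patted successfully, or the
 * error from kern_clock_gettime().
 *
 * NOTE(review): the value stored in *remainp is the number of seconds that
 * have elapsed since the last pat, not the configured timeout minus that
 * figure; confirm this is what consumers of WDIOC_GETTIMELEFT expect.
 */
static int
wd_get_time_left(struct thread *td, time_t *remainp)
{
	struct timespec ts;
	int error;

	error = kern_clock_gettime(td, CLOCK_MONOTONIC_FAST, &ts);
	if (error)
		return (error);
	if (!wd_lastpat_valid)
		return (ENOENT);
	*remainp = ts.tv_sec - wd_lastpat;
	return (0);
}

/*
 * Callout handler shared by the software watchdog ("soft") and the
 * pre-timeout ("pre"); 'arg' is that type string.
 *
 * The action mask is chosen by type.  Consulting wd_pretimeout_act for both
 * types would leave the value stored by WDIOC_SETSOFTTIMEOUTACT without any
 * effect, so an operator-selected soft-timeout action (for example panic
 * instead of log) would be ignored when the soft timer expires.
 */
static void
wd_timeout_cb(void *arg)
{
	const char *type = arg;
	int act;

	if (strcmp(type, "soft") == 0)
		act = wd_softtimeout_act;
	else
		act = wd_pretimeout_act;

#ifdef DDB
	if ((act & WD_SOFT_DDB)) {
		char kdb_why[80];
		snprintf(kdb_why, sizeof(kdb_why), "watchdog %s-timeout", type);
		kdb_backtrace();
		kdb_enter(KDB_WHY_WATCHDOG, kdb_why);
	}
#endif
	if ((act & WD_SOFT_LOG))
		log(LOG_EMERG, "watchdog %s-timeout, WD_SOFT_LOG\n", type);
	if ((act & WD_SOFT_PRINTF))
		printf("watchdog %s-timeout, WD_SOFT_PRINTF\n", type);
	if ((act & WD_SOFT_PANIC))
		panic("watchdog %s-timeout, WD_SOFT_PANIC set", type);
}

/*
 * Called to manage timeouts.
 * newtimeout needs to be in the range of 0 to actual watchdog timeout.
 * if 0, we disable the pre-timeout.
 * otherwise we set the pre-timeout provided it's not greater than the
 * current actual watchdog timeout.
 *
 * Out-of-range values (negative, or >= the watchdog timeout) return EINVAL,
 * unless 'disableiftoolong' is set, in which case the pre-timeout is
 * disabled instead.  A negative value reaches here from
 * WDIOC_SETPRETIMEOUT, which passes the caller's int unchecked; without
 * the lower bound it would arm the pre-timeout callout later than the
 * watchdog timeout itself.
 *
 * NOTE(review): hz * newtimeout is computed in int and is not checked for
 * overflow when the watchdog timeout is very long.
 */
static int
wd_set_pretimeout(int newtimeout, int disableiftoolong)
{
	u_int utime;
	struct timespec utime_ts;
	int timeout_ticks;

	utime = wdog_kern_last_timeout();
	pow2ns_to_ts(utime, &utime_ts);
	/* do not permit a negative pre-timeout or one >= than the timeout. */
	if (newtimeout < 0 || newtimeout >= utime_ts.tv_sec) {
		/*
		 * If 'disableiftoolong' then just fall through
		 * so as to disable the pre-watchdog
		 */
		if (disableiftoolong)
			newtimeout = 0;
		else
			return EINVAL;
	}

	/* disable the pre-timeout */
	if (newtimeout == 0) {
		wd_pretimeout = 0;
		callout_stop(&wd_pretimeo_handle);
		return 0;
	}

	/* Fire newtimeout seconds before the watchdog itself would. */
	timeout_ticks = pow2ns_to_ticks(utime) - (hz*newtimeout);
#if 0
	printf("wd_set_pretimeout: "
	    "newtimeout: %d, "
	    "utime: %d -> utime_ticks: %d, "
	    "hz*newtimeout: %d, "
	    "timeout_ticks: %d -> sec: %d\n",
	    newtimeout,
	    utime, pow2ns_to_ticks(utime),
	    hz*newtimeout,
	    timeout_ticks, timeout_ticks / hz);
#endif

	/* We determined the value is sane, so reset the callout */
	(void) callout_reset(&wd_pretimeo_handle,
	    timeout_ticks, wd_timeout_cb, "pre");
	wd_pretimeout = newtimeout;
	return 0;
}

/*
 * ioctl entry point for the watchdog device.
 *
 * 'data' points at the ioctl argument; each case reads or writes it as the
 * int/u_int that the command carries.  Returns 0 or an errno value, and
 * ENOIOCTL for commands it does not know.
 */
static int
wd_ioctl(struct cdev *dev __unused, u_long cmd, caddr_t data,
    int flags __unused, struct thread *td)
{
	u_int u;
	time_t timeleft;
	int error;

	error = 0;

	switch (cmd) {
	case WDIOC_SETSOFT:
		u = *(int *)data;
		/* do nothing? */
		if (u == wd_softtimer)
			break;
		/* If there is a pending timeout disallow this ioctl */
		if (wd_last_u != 0) {
			error = EINVAL;
			break;
		}
		wd_softtimer = u;
		break;
	case WDIOC_SETSOFTTIMEOUTACT:
		u = *(int *)data;
		if (wd_valid_act(u)) {
			wd_softtimeout_act = u;
		} else {
			error = EINVAL;
		}
		break;
	case WDIOC_SETPRETIMEOUTACT:
		u = *(int *)data;
		if (wd_valid_act(u)) {
			wd_pretimeout_act = u;
		} else {
			error = EINVAL;
		}
		break;
	case WDIOC_GETPRETIMEOUT:
		*(int *)data = (int)wd_pretimeout;
		break;
	case WDIOC_SETPRETIMEOUT:
		error = wd_set_pretimeout(*(int *)data, false);
		break;
	case WDIOC_GETTIMELEFT:
		error = wd_get_time_left(td, &timeleft);
		if (error)
			break;
		*(int *)data = (int)timeleft;
		break;
	case WDIOC_SETTIMEOUT:
		u = *(u_int *)data;
		/*
		 * seconds_to_pow2ns() takes an int, so a value with the top
		 * bit set would arrive there negative and be turned into a
		 * meaningless interval.  Refuse it instead.
		 */
		if ((int)u < 0) {
			error = EINVAL;
			break;
		}
		error = wdog_kern_pat(seconds_to_pow2ns(u));
		break;
	case WDIOC_GETTIMEOUT:
		u = wdog_kern_last_timeout();
		*(u_int *)data = u;
		break;
	case WDIOCPATPAT:
		error = wd_ioctl_patpat(data);
		break;
	default:
		error = ENOIOCTL;
		break;
	}
	return (error);
}

/*
 * Return the last timeout set, this is NOT the time from NOW until timeout,
 * rather it is the interval last saved by wdog_kern_pat() (reached through
 * WDIOCPATPAT/WDIOC_SETTIMEOUT).  The value is the WD_INTERVAL bits, i.e.
 * the power-of-two nanosecond exponent that pow2ns_to_ts() consumes, not a
 * count of seconds.
 */
u_int
wdog_kern_last_timeout(void)
{

	return (wd_last_u);
}

/* Character device switch: the watchdog device only implements ioctl. */
static struct cdevsw wd_cdevsw = {
	.d_version =	D_VERSION,
	.d_ioctl =	wd_ioctl,
	.d_name =	"watchdog",
};

/*
 * Module event handler.
 *
 * MOD_LOAD initialises both callouts and creates the device node owned by
 * root:wheel with mode 0600.  MOD_UNLOAD stops and drains both callouts
 * before destroying the device.  MOD_SHUTDOWN is accepted as a no-op; any
 * other event returns EOPNOTSUPP.
 */
static int
watchdog_modevent(module_t mod __unused, int type, void *data __unused)
{
	switch(type) {
	case MOD_LOAD:
		callout_init(&wd_pretimeo_handle, 1);
		callout_init(&wd_softtimeo_handle, 1);
		wd_dev = make_dev(&wd_cdevsw, 0,
		    UID_ROOT, GID_WHEEL, 0600, _PATH_WATCHDOG);
		return 0;
	case MOD_UNLOAD:
		callout_stop(&wd_pretimeo_handle);
		callout_stop(&wd_softtimeo_handle);
		/* wait for any handler that is still running */
		callout_drain(&wd_pretimeo_handle);
		callout_drain(&wd_softtimeo_handle);
		destroy_dev(wd_dev);
		return 0;
	case MOD_SHUTDOWN:
		return 0;
	default:
		return EOPNOTSUPP;
	}
}

DEV_MODULE(watchdog, watchdog_modevent, NULL);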