xref: /linux/drivers/watchdog/watchdog_dev.c (revision 51a8f9d7f587290944d6fc733d1f897091c63159)
1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *	watchdog_dev.c
4  *
5  *	(c) Copyright 2008-2011 Alan Cox <alan@lxorguk.ukuu.org.uk>,
6  *						All Rights Reserved.
7  *
8  *	(c) Copyright 2008-2011 Wim Van Sebroeck <wim@iguana.be>.
9  *
10  *	(c) Copyright 2021 Hewlett Packard Enterprise Development LP.
11  *
12  *	This source code is part of the generic code that can be used
13  *	by all the watchdog timer drivers.
14  *
15  *	This part of the generic code takes care of the following
16  *	misc device: /dev/watchdog.
17  *
18  *	Based on source code of the following authors:
19  *	  Matt Domsch <Matt_Domsch@dell.com>,
20  *	  Rob Radez <rob@osinvestor.com>,
21  *	  Rusty Lynch <rusty@linux.co.intel.com>
22  *	  Satyam Sharma <satyam@infradead.org>
23  *	  Randy Dunlap <randy.dunlap@oracle.com>
24  *
25  *	Neither Alan Cox, CymruNet Ltd., Wim Van Sebroeck nor Iguana vzw.
26  *	admit liability nor provide warranty for any of this software.
27  *	This material is provided "AS-IS" and at no charge.
28  */
29 
30 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
31 
32 #include <linux/cdev.h>		/* For character device */
33 #include <linux/errno.h>	/* For the -ENODEV/... values */
34 #include <linux/fs.h>		/* For file operations */
35 #include <linux/init.h>		/* For __init/__exit/... */
36 #include <linux/hrtimer.h>	/* For hrtimers */
37 #include <linux/kernel.h>	/* For printk/panic/... */
38 #include <linux/kthread.h>	/* For kthread_work */
39 #include <linux/miscdevice.h>	/* For handling misc devices */
40 #include <linux/module.h>	/* For module stuff/... */
41 #include <linux/mutex.h>	/* For mutexes */
42 #include <linux/slab.h>		/* For memory functions */
43 #include <linux/types.h>	/* For standard types (like size_t) */
44 #include <linux/watchdog.h>	/* For watchdog specific items */
45 #include <linux/uaccess.h>	/* For copy_to_user/put_user/... */
46 
47 #include "watchdog_core.h"
48 #include "watchdog_pretimeout.h"
49 
50 #include <trace/events/watchdog.h>
51 
52 /* the dev_t structure to store the dynamically allocated watchdog devices */
53 static dev_t watchdog_devt;
54 /* Reference to watchdog device behind /dev/watchdog */
55 static struct watchdog_core_data *old_wd_data;
56 
57 static struct kthread_worker *watchdog_kworker;
58 
59 static bool handle_boot_enabled =
60 	IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED);
61 
62 static unsigned open_timeout = CONFIG_WATCHDOG_OPEN_TIMEOUT;
63 
64 static bool watchdog_past_open_deadline(struct watchdog_core_data *data)
65 {
66 	return ktime_after(ktime_get(), data->open_deadline);
67 }
68 
69 static void watchdog_set_open_deadline(struct watchdog_core_data *data)
70 {
71 	data->open_deadline = open_timeout ?
72 		ktime_get() + ktime_set(open_timeout, 0) : KTIME_MAX;
73 }
74 
75 static inline bool watchdog_need_worker(struct watchdog_device *wdd)
76 {
77 	/* All variables in milli-seconds */
78 	unsigned int hm = wdd->max_hw_heartbeat_ms;
79 	unsigned int t = wdd->timeout * 1000;
80 
81 	/*
82 	 * A worker to generate heartbeat requests is needed if all of the
83 	 * following conditions are true.
84 	 * - Userspace activated the watchdog.
85 	 * - The driver provided a value for the maximum hardware timeout, and
86 	 *   thus is aware that the framework supports generating heartbeat
87 	 *   requests.
88 	 * - Userspace requests a longer timeout than the hardware can handle.
89 	 *
90 	 * Alternatively, if userspace has not opened the watchdog
91 	 * device, we take care of feeding the watchdog if it is
92 	 * running.
93 	 */
94 	return (hm && watchdog_active(wdd) && t > hm) ||
95 		(t && !watchdog_active(wdd) && watchdog_hw_running(wdd));
96 }
97 
98 static ktime_t watchdog_next_keepalive(struct watchdog_device *wdd)
99 {
100 	struct watchdog_core_data *wd_data = wdd->wd_data;
101 	unsigned int timeout_ms = wdd->timeout * 1000;
102 	ktime_t keepalive_interval;
103 	ktime_t last_heartbeat, latest_heartbeat;
104 	ktime_t virt_timeout;
105 	unsigned int hw_heartbeat_ms;
106 
107 	if (watchdog_active(wdd))
108 		virt_timeout = ktime_add(wd_data->last_keepalive,
109 					 ms_to_ktime(timeout_ms));
110 	else
111 		virt_timeout = wd_data->open_deadline;
112 
113 	hw_heartbeat_ms = min_not_zero(timeout_ms, wdd->max_hw_heartbeat_ms);
114 	keepalive_interval = ms_to_ktime(hw_heartbeat_ms / 2);
115 
116 	/*
117 	 * To ensure that the watchdog times out wdd->timeout seconds
118 	 * after the most recent ping from userspace, the last
119 	 * worker ping has to come in hw_heartbeat_ms before this timeout.
120 	 */
121 	last_heartbeat = ktime_sub(virt_timeout, ms_to_ktime(hw_heartbeat_ms));
122 	latest_heartbeat = ktime_sub(last_heartbeat, ktime_get());
123 	if (ktime_before(latest_heartbeat, keepalive_interval))
124 		return latest_heartbeat;
125 	return keepalive_interval;
126 }
127 
128 static inline void watchdog_update_worker(struct watchdog_device *wdd)
129 {
130 	struct watchdog_core_data *wd_data = wdd->wd_data;
131 
132 	if (watchdog_need_worker(wdd)) {
133 		ktime_t t = watchdog_next_keepalive(wdd);
134 
135 		if (t > 0)
136 			hrtimer_start(&wd_data->timer, t,
137 				      HRTIMER_MODE_REL_HARD);
138 	} else {
139 		hrtimer_cancel(&wd_data->timer);
140 	}
141 }
142 
143 static int __watchdog_ping(struct watchdog_device *wdd)
144 {
145 	struct watchdog_core_data *wd_data = wdd->wd_data;
146 	ktime_t earliest_keepalive, now;
147 	int err;
148 
149 	earliest_keepalive = ktime_add(wd_data->last_hw_keepalive,
150 				       ms_to_ktime(wdd->min_hw_heartbeat_ms));
151 	now = ktime_get();
152 
153 	if (ktime_after(earliest_keepalive, now)) {
154 		hrtimer_start(&wd_data->timer,
155 			      ktime_sub(earliest_keepalive, now),
156 			      HRTIMER_MODE_REL_HARD);
157 		return 0;
158 	}
159 
160 	wd_data->last_hw_keepalive = now;
161 
162 	if (wdd->ops->ping) {
163 		err = wdd->ops->ping(wdd);  /* ping the watchdog */
164 		trace_watchdog_ping(wdd, err);
165 	} else {
166 		err = wdd->ops->start(wdd); /* restart watchdog */
167 		trace_watchdog_start(wdd, err);
168 	}
169 
170 	if (err == 0)
171 		watchdog_hrtimer_pretimeout_start(wdd);
172 
173 	watchdog_update_worker(wdd);
174 
175 	return err;
176 }
177 
178 /*
179  * watchdog_ping - ping the watchdog
180  * @wdd: The watchdog device to ping
181  *
182  * If the watchdog has no own ping operation then it needs to be
183  * restarted via the start operation. This wrapper function does
184  * exactly that.
185  * We only ping when the watchdog device is running.
186  * The caller must hold wd_data->lock.
187  *
188  * Return: 0 on success, error otherwise.
189  */
190 static int watchdog_ping(struct watchdog_device *wdd)
191 {
192 	struct watchdog_core_data *wd_data = wdd->wd_data;
193 
194 	if (!watchdog_active(wdd) && !watchdog_hw_running(wdd))
195 		return 0;
196 
197 	set_bit(_WDOG_KEEPALIVE, &wd_data->status);
198 
199 	wd_data->last_keepalive = ktime_get();
200 	return __watchdog_ping(wdd);
201 }
202 
203 static bool watchdog_worker_should_ping(struct watchdog_core_data *wd_data)
204 {
205 	struct watchdog_device *wdd = wd_data->wdd;
206 
207 	if (!wdd)
208 		return false;
209 
210 	if (watchdog_active(wdd))
211 		return true;
212 
213 	return watchdog_hw_running(wdd) && !watchdog_past_open_deadline(wd_data);
214 }
215 
216 static void watchdog_ping_work(struct kthread_work *work)
217 {
218 	struct watchdog_core_data *wd_data;
219 
220 	wd_data = container_of(work, struct watchdog_core_data, work);
221 
222 	mutex_lock(&wd_data->lock);
223 	if (watchdog_worker_should_ping(wd_data))
224 		__watchdog_ping(wd_data->wdd);
225 	mutex_unlock(&wd_data->lock);
226 }
227 
228 static enum hrtimer_restart watchdog_timer_expired(struct hrtimer *timer)
229 {
230 	struct watchdog_core_data *wd_data;
231 
232 	wd_data = container_of(timer, struct watchdog_core_data, timer);
233 
234 	kthread_queue_work(watchdog_kworker, &wd_data->work);
235 	return HRTIMER_NORESTART;
236 }
237 
238 /*
239  * watchdog_start - wrapper to start the watchdog
240  * @wdd: The watchdog device to start
241  *
242  * Start the watchdog if it is not active and mark it active.
243  * The caller must hold wd_data->lock.
244  *
245  * Return: 0 on success or a negative errno code for failure.
246  */
247 static int watchdog_start(struct watchdog_device *wdd)
248 {
249 	struct watchdog_core_data *wd_data = wdd->wd_data;
250 	ktime_t started_at;
251 	int err;
252 
253 	if (watchdog_active(wdd))
254 		return 0;
255 
256 	set_bit(_WDOG_KEEPALIVE, &wd_data->status);
257 
258 	started_at = ktime_get();
259 	if (watchdog_hw_running(wdd) && wdd->ops->ping) {
260 		err = __watchdog_ping(wdd);
261 		if (err == 0) {
262 			set_bit(WDOG_ACTIVE, &wdd->status);
263 			watchdog_hrtimer_pretimeout_start(wdd);
264 		}
265 	} else {
266 		err = wdd->ops->start(wdd);
267 		trace_watchdog_start(wdd, err);
268 		if (err == 0) {
269 			set_bit(WDOG_ACTIVE, &wdd->status);
270 			wd_data->last_keepalive = started_at;
271 			wd_data->last_hw_keepalive = started_at;
272 			watchdog_update_worker(wdd);
273 			watchdog_hrtimer_pretimeout_start(wdd);
274 		}
275 	}
276 
277 	return err;
278 }
279 
280 /*
281  * watchdog_stop - wrapper to stop the watchdog
282  * @wdd: The watchdog device to stop
283  *
284  * Stop the watchdog if it is still active and unmark it active.
285  * If the 'nowayout' feature was set, the watchdog cannot be stopped.
286  * The caller must hold wd_data->lock.
287  *
288  * Return: 0 on success or a negative errno code for failure.
289  */
290 static int watchdog_stop(struct watchdog_device *wdd)
291 {
292 	int err = 0;
293 
294 	if (!watchdog_active(wdd))
295 		return 0;
296 
297 	if (test_bit(WDOG_NO_WAY_OUT, &wdd->status)) {
298 		pr_info("watchdog%d: nowayout prevents watchdog being stopped!\n",
299 			wdd->id);
300 		return -EBUSY;
301 	}
302 
303 	if (wdd->ops->stop) {
304 		clear_bit(WDOG_HW_RUNNING, &wdd->status);
305 		err = wdd->ops->stop(wdd);
306 		trace_watchdog_stop(wdd, err);
307 	} else {
308 		set_bit(WDOG_HW_RUNNING, &wdd->status);
309 	}
310 
311 	if (err == 0) {
312 		clear_bit(WDOG_ACTIVE, &wdd->status);
313 		watchdog_update_worker(wdd);
314 		watchdog_hrtimer_pretimeout_stop(wdd);
315 	}
316 
317 	return err;
318 }
319 
320 /*
321  * watchdog_get_status - wrapper to get the watchdog status
322  * @wdd: The watchdog device to get the status from
323  *
324  * Get the watchdog's status flags.
325  * The caller must hold wd_data->lock.
326  *
327  * Return: watchdog's status flags.
328  */
329 static unsigned int watchdog_get_status(struct watchdog_device *wdd)
330 {
331 	struct watchdog_core_data *wd_data = wdd->wd_data;
332 	unsigned int status;
333 
334 	if (wdd->ops->status)
335 		status = wdd->ops->status(wdd);
336 	else
337 		status = wdd->bootstatus & (WDIOF_CARDRESET |
338 					    WDIOF_OVERHEAT |
339 					    WDIOF_FANFAULT |
340 					    WDIOF_EXTERN1 |
341 					    WDIOF_EXTERN2 |
342 					    WDIOF_POWERUNDER |
343 					    WDIOF_POWEROVER);
344 
345 	if (test_bit(_WDOG_ALLOW_RELEASE, &wd_data->status))
346 		status |= WDIOF_MAGICCLOSE;
347 
348 	if (test_and_clear_bit(_WDOG_KEEPALIVE, &wd_data->status))
349 		status |= WDIOF_KEEPALIVEPING;
350 
351 	if (IS_ENABLED(CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT))
352 		status |= WDIOF_PRETIMEOUT;
353 
354 	return status;
355 }
356 
357 /*
358  * watchdog_set_timeout - set the watchdog timer timeout
359  * @wdd:	The watchdog device to set the timeout for
360  * @timeout:	Timeout to set in seconds
361  *
362  * The caller must hold wd_data->lock.
363  *
364  * Return: 0 if successful, error otherwise.
365  */
366 static int watchdog_set_timeout(struct watchdog_device *wdd,
367 							unsigned int timeout)
368 {
369 	int err = 0;
370 
371 	if (!(wdd->info->options & WDIOF_SETTIMEOUT))
372 		return -EOPNOTSUPP;
373 
374 	if (watchdog_timeout_invalid(wdd, timeout))
375 		return -EINVAL;
376 
377 	if (wdd->ops->set_timeout) {
378 		err = wdd->ops->set_timeout(wdd, timeout);
379 		trace_watchdog_set_timeout(wdd, timeout, err);
380 	} else {
381 		wdd->timeout = timeout;
382 		/* Disable pretimeout if it doesn't fit the new timeout */
383 		if (wdd->pretimeout >= wdd->timeout)
384 			wdd->pretimeout = 0;
385 	}
386 
387 	watchdog_update_worker(wdd);
388 
389 	return err;
390 }
391 
392 /*
393  * watchdog_set_pretimeout - set the watchdog timer pretimeout
394  * @wdd:	The watchdog device to set the timeout for
395  * @timeout:	pretimeout to set in seconds
396  *
397  * Return: 0 if successful, error otherwise.
398  */
399 static int watchdog_set_pretimeout(struct watchdog_device *wdd,
400 				   unsigned int timeout)
401 {
402 	int err = 0;
403 
404 	if (!watchdog_have_pretimeout(wdd))
405 		return -EOPNOTSUPP;
406 
407 	if (watchdog_pretimeout_invalid(wdd, timeout))
408 		return -EINVAL;
409 
410 	if (wdd->ops->set_pretimeout && (wdd->info->options & WDIOF_PRETIMEOUT))
411 		err = wdd->ops->set_pretimeout(wdd, timeout);
412 	else
413 		wdd->pretimeout = timeout;
414 
415 	return err;
416 }
417 
418 /*
419  * watchdog_get_timeleft - wrapper to get the time left before a reboot
420  * @wdd:	The watchdog device to get the remaining time from
421  * @timeleft:	The time that's left
422  *
423  * Get the time before a watchdog will reboot (if not pinged).
424  * The caller must hold wd_data->lock.
425  *
426  * Return: 0 if successful, error otherwise.
427  */
428 static int watchdog_get_timeleft(struct watchdog_device *wdd,
429 							unsigned int *timeleft)
430 {
431 	*timeleft = 0;
432 
433 	if (!wdd->ops->get_timeleft)
434 		return -EOPNOTSUPP;
435 
436 	*timeleft = wdd->ops->get_timeleft(wdd);
437 
438 	return 0;
439 }
440 
441 #ifdef CONFIG_WATCHDOG_SYSFS
442 static ssize_t nowayout_show(struct device *dev, struct device_attribute *attr,
443 				char *buf)
444 {
445 	struct watchdog_device *wdd = dev_get_drvdata(dev);
446 
447 	return sysfs_emit(buf, "%d\n", !!test_bit(WDOG_NO_WAY_OUT,
448 						  &wdd->status));
449 }
450 
451 static ssize_t nowayout_store(struct device *dev, struct device_attribute *attr,
452 				const char *buf, size_t len)
453 {
454 	struct watchdog_device *wdd = dev_get_drvdata(dev);
455 	unsigned int value;
456 	int ret;
457 
458 	ret = kstrtouint(buf, 0, &value);
459 	if (ret)
460 		return ret;
461 	if (value > 1)
462 		return -EINVAL;
463 	/* nowayout cannot be disabled once set */
464 	if (test_bit(WDOG_NO_WAY_OUT, &wdd->status) && !value)
465 		return -EPERM;
466 	watchdog_set_nowayout(wdd, value);
467 	return len;
468 }
469 static DEVICE_ATTR_RW(nowayout);
470 
471 static ssize_t status_show(struct device *dev, struct device_attribute *attr,
472 				char *buf)
473 {
474 	struct watchdog_device *wdd = dev_get_drvdata(dev);
475 	struct watchdog_core_data *wd_data = wdd->wd_data;
476 	unsigned int status;
477 
478 	mutex_lock(&wd_data->lock);
479 	status = watchdog_get_status(wdd);
480 	mutex_unlock(&wd_data->lock);
481 
482 	return sysfs_emit(buf, "0x%x\n", status);
483 }
484 static DEVICE_ATTR_RO(status);
485 
486 static ssize_t bootstatus_show(struct device *dev,
487 				struct device_attribute *attr, char *buf)
488 {
489 	struct watchdog_device *wdd = dev_get_drvdata(dev);
490 
491 	return sysfs_emit(buf, "%u\n", wdd->bootstatus);
492 }
493 static DEVICE_ATTR_RO(bootstatus);
494 
495 static ssize_t timeleft_show(struct device *dev, struct device_attribute *attr,
496 				char *buf)
497 {
498 	struct watchdog_device *wdd = dev_get_drvdata(dev);
499 	struct watchdog_core_data *wd_data = wdd->wd_data;
500 	ssize_t status;
501 	unsigned int val;
502 
503 	mutex_lock(&wd_data->lock);
504 	status = watchdog_get_timeleft(wdd, &val);
505 	mutex_unlock(&wd_data->lock);
506 	if (!status)
507 		status = sysfs_emit(buf, "%u\n", val);
508 
509 	return status;
510 }
511 static DEVICE_ATTR_RO(timeleft);
512 
513 static ssize_t timeout_show(struct device *dev, struct device_attribute *attr,
514 				char *buf)
515 {
516 	struct watchdog_device *wdd = dev_get_drvdata(dev);
517 
518 	return sysfs_emit(buf, "%u\n", wdd->timeout);
519 }
520 static DEVICE_ATTR_RO(timeout);
521 
522 static ssize_t min_timeout_show(struct device *dev,
523 				struct device_attribute *attr, char *buf)
524 {
525 	struct watchdog_device *wdd = dev_get_drvdata(dev);
526 
527 	return sysfs_emit(buf, "%u\n", wdd->min_timeout);
528 }
529 static DEVICE_ATTR_RO(min_timeout);
530 
531 static ssize_t max_timeout_show(struct device *dev,
532 				struct device_attribute *attr, char *buf)
533 {
534 	struct watchdog_device *wdd = dev_get_drvdata(dev);
535 
536 	return sysfs_emit(buf, "%u\n", wdd->max_timeout);
537 }
538 static DEVICE_ATTR_RO(max_timeout);
539 
540 static ssize_t pretimeout_show(struct device *dev,
541 			       struct device_attribute *attr, char *buf)
542 {
543 	struct watchdog_device *wdd = dev_get_drvdata(dev);
544 
545 	return sysfs_emit(buf, "%u\n", wdd->pretimeout);
546 }
547 static DEVICE_ATTR_RO(pretimeout);
548 
549 static ssize_t identity_show(struct device *dev, struct device_attribute *attr,
550 				char *buf)
551 {
552 	struct watchdog_device *wdd = dev_get_drvdata(dev);
553 
554 	return sysfs_emit(buf, "%s\n", wdd->info->identity);
555 }
556 static DEVICE_ATTR_RO(identity);
557 
558 static ssize_t state_show(struct device *dev, struct device_attribute *attr,
559 				char *buf)
560 {
561 	struct watchdog_device *wdd = dev_get_drvdata(dev);
562 
563 	if (watchdog_active(wdd))
564 		return sysfs_emit(buf, "active\n");
565 
566 	return sysfs_emit(buf, "inactive\n");
567 }
568 static DEVICE_ATTR_RO(state);
569 
570 static ssize_t pretimeout_available_governors_show(struct device *dev,
571 				   struct device_attribute *attr, char *buf)
572 {
573 	return watchdog_pretimeout_available_governors_get(buf);
574 }
575 static DEVICE_ATTR_RO(pretimeout_available_governors);
576 
577 static ssize_t pretimeout_governor_show(struct device *dev,
578 					struct device_attribute *attr,
579 					char *buf)
580 {
581 	struct watchdog_device *wdd = dev_get_drvdata(dev);
582 
583 	return watchdog_pretimeout_governor_get(wdd, buf);
584 }
585 
586 static ssize_t pretimeout_governor_store(struct device *dev,
587 					 struct device_attribute *attr,
588 					 const char *buf, size_t count)
589 {
590 	struct watchdog_device *wdd = dev_get_drvdata(dev);
591 	int ret = watchdog_pretimeout_governor_set(wdd, buf);
592 
593 	if (!ret)
594 		ret = count;
595 
596 	return ret;
597 }
598 static DEVICE_ATTR_RW(pretimeout_governor);
599 
600 static umode_t wdt_is_visible(struct kobject *kobj, struct attribute *attr,
601 				int n)
602 {
603 	struct device *dev = kobj_to_dev(kobj);
604 	struct watchdog_device *wdd = dev_get_drvdata(dev);
605 	umode_t mode = attr->mode;
606 
607 	if (attr == &dev_attr_timeleft.attr && !wdd->ops->get_timeleft)
608 		mode = 0;
609 	else if (attr == &dev_attr_pretimeout.attr && !watchdog_have_pretimeout(wdd))
610 		mode = 0;
611 	else if ((attr == &dev_attr_pretimeout_governor.attr ||
612 		  attr == &dev_attr_pretimeout_available_governors.attr) &&
613 		 (!watchdog_have_pretimeout(wdd) || !IS_ENABLED(CONFIG_WATCHDOG_PRETIMEOUT_GOV)))
614 		mode = 0;
615 
616 	return mode;
617 }
618 static struct attribute *wdt_attrs[] = {
619 	&dev_attr_state.attr,
620 	&dev_attr_identity.attr,
621 	&dev_attr_timeout.attr,
622 	&dev_attr_min_timeout.attr,
623 	&dev_attr_max_timeout.attr,
624 	&dev_attr_pretimeout.attr,
625 	&dev_attr_timeleft.attr,
626 	&dev_attr_bootstatus.attr,
627 	&dev_attr_status.attr,
628 	&dev_attr_nowayout.attr,
629 	&dev_attr_pretimeout_governor.attr,
630 	&dev_attr_pretimeout_available_governors.attr,
631 	NULL,
632 };
633 
634 static const struct attribute_group wdt_group = {
635 	.attrs = wdt_attrs,
636 	.is_visible = wdt_is_visible,
637 };
638 __ATTRIBUTE_GROUPS(wdt);
639 #else
640 #define wdt_groups	NULL
641 #endif
642 
643 /*
644  * watchdog_ioctl_op - call the watchdog drivers ioctl op if defined
645  * @wdd: The watchdog device to do the ioctl on
646  * @cmd: Watchdog command
647  * @arg: Argument pointer
648  *
649  * The caller must hold wd_data->lock.
650  *
651  * Return: 0 if successful, error otherwise.
652  */
653 static int watchdog_ioctl_op(struct watchdog_device *wdd, unsigned int cmd,
654 							unsigned long arg)
655 {
656 	if (!wdd->ops->ioctl)
657 		return -ENOIOCTLCMD;
658 
659 	return wdd->ops->ioctl(wdd, cmd, arg);
660 }
661 
662 /*
663  * watchdog_write - writes to the watchdog
664  * @file:	File from VFS
665  * @data:	User address of data
666  * @len:	Length of data
667  * @ppos:	Pointer to the file offset
668  *
669  * A write to a watchdog device is defined as a keepalive ping.
670  * Writing the magic 'V' sequence allows the next close to turn
671  * off the watchdog (if 'nowayout' is not set).
672  *
673  * Return: @len if successful, error otherwise.
674  */
675 static ssize_t watchdog_write(struct file *file, const char __user *data,
676 						size_t len, loff_t *ppos)
677 {
678 	struct watchdog_core_data *wd_data = file->private_data;
679 	struct watchdog_device *wdd;
680 	int err;
681 	size_t i;
682 	char c;
683 
684 	if (len == 0)
685 		return 0;
686 
687 	/*
688 	 * Note: just in case someone wrote the magic character
689 	 * five months ago...
690 	 */
691 	clear_bit(_WDOG_ALLOW_RELEASE, &wd_data->status);
692 
693 	/* scan to see whether or not we got the magic character */
694 	for (i = 0; i != len; i++) {
695 		if (get_user(c, data + i))
696 			return -EFAULT;
697 		if (c == 'V')
698 			set_bit(_WDOG_ALLOW_RELEASE, &wd_data->status);
699 	}
700 
701 	/* someone wrote to us, so we send the watchdog a keepalive ping */
702 
703 	err = -ENODEV;
704 	mutex_lock(&wd_data->lock);
705 	wdd = wd_data->wdd;
706 	if (wdd)
707 		err = watchdog_ping(wdd);
708 	mutex_unlock(&wd_data->lock);
709 
710 	if (err < 0)
711 		return err;
712 
713 	return len;
714 }
715 
716 /*
717  * watchdog_ioctl - handle the different ioctl's for the watchdog device
718  * @file:	File handle to the device
719  * @cmd:	Watchdog command
720  * @arg:	Argument pointer
721  *
722  * The watchdog API defines a common set of functions for all watchdogs
723  * according to their available features.
724  *
725  * Return: 0 if successful, error otherwise.
726  */
727 
728 static long watchdog_ioctl(struct file *file, unsigned int cmd,
729 							unsigned long arg)
730 {
731 	struct watchdog_core_data *wd_data = file->private_data;
732 	void __user *argp = (void __user *)arg;
733 	struct watchdog_device *wdd;
734 	int __user *p = argp;
735 	unsigned int val;
736 	int err;
737 
738 	mutex_lock(&wd_data->lock);
739 
740 	wdd = wd_data->wdd;
741 	if (!wdd) {
742 		err = -ENODEV;
743 		goto out_ioctl;
744 	}
745 
746 	err = watchdog_ioctl_op(wdd, cmd, arg);
747 	if (err != -ENOIOCTLCMD)
748 		goto out_ioctl;
749 
750 	switch (cmd) {
751 	case WDIOC_GETSUPPORT:
752 		err = copy_to_user(argp, wdd->info,
753 			sizeof(struct watchdog_info)) ? -EFAULT : 0;
754 		break;
755 	case WDIOC_GETSTATUS:
756 		val = watchdog_get_status(wdd);
757 		err = put_user(val, p);
758 		break;
759 	case WDIOC_GETBOOTSTATUS:
760 		err = put_user(wdd->bootstatus, p);
761 		break;
762 	case WDIOC_SETOPTIONS:
763 		if (get_user(val, p)) {
764 			err = -EFAULT;
765 			break;
766 		}
767 		if (val & WDIOS_DISABLECARD) {
768 			err = watchdog_stop(wdd);
769 			if (err < 0)
770 				break;
771 		}
772 		if (val & WDIOS_ENABLECARD)
773 			err = watchdog_start(wdd);
774 		break;
775 	case WDIOC_KEEPALIVE:
776 		if (!(wdd->info->options & WDIOF_KEEPALIVEPING)) {
777 			err = -EOPNOTSUPP;
778 			break;
779 		}
780 		err = watchdog_ping(wdd);
781 		break;
782 	case WDIOC_SETTIMEOUT:
783 		if (get_user(val, p)) {
784 			err = -EFAULT;
785 			break;
786 		}
787 		err = watchdog_set_timeout(wdd, val);
788 		if (err < 0)
789 			break;
790 		/* If the watchdog is active then we send a keepalive ping
791 		 * to make sure that the watchdog keep's running (and if
792 		 * possible that it takes the new timeout) */
793 		err = watchdog_ping(wdd);
794 		if (err < 0)
795 			break;
796 		fallthrough;
797 	case WDIOC_GETTIMEOUT:
798 		/* timeout == 0 means that we don't know the timeout */
799 		if (wdd->timeout == 0) {
800 			err = -EOPNOTSUPP;
801 			break;
802 		}
803 		err = put_user(wdd->timeout, p);
804 		break;
805 	case WDIOC_GETTIMELEFT:
806 		err = watchdog_get_timeleft(wdd, &val);
807 		if (err < 0)
808 			break;
809 		err = put_user(val, p);
810 		break;
811 	case WDIOC_SETPRETIMEOUT:
812 		if (get_user(val, p)) {
813 			err = -EFAULT;
814 			break;
815 		}
816 		err = watchdog_set_pretimeout(wdd, val);
817 		break;
818 	case WDIOC_GETPRETIMEOUT:
819 		err = put_user(wdd->pretimeout, p);
820 		break;
821 	default:
822 		err = -ENOTTY;
823 		break;
824 	}
825 
826 out_ioctl:
827 	mutex_unlock(&wd_data->lock);
828 	return err;
829 }
830 
831 /*
832  * watchdog_open - open the /dev/watchdog* devices
833  * @inode:	Inode of device
834  * @file:	File handle to device
835  *
836  * When the /dev/watchdog* device gets opened, we start the watchdog.
837  * Watch out: the /dev/watchdog device is single open, so we make sure
838  * it can only be opened once.
839  *
840  * Return: 0 if successful, error otherwise.
841  */
842 static int watchdog_open(struct inode *inode, struct file *file)
843 {
844 	struct watchdog_core_data *wd_data;
845 	struct watchdog_device *wdd;
846 	bool hw_running;
847 	int err;
848 
849 	/* Get the corresponding watchdog device */
850 	if (imajor(inode) == MISC_MAJOR)
851 		wd_data = old_wd_data;
852 	else
853 		wd_data = container_of(inode->i_cdev, struct watchdog_core_data,
854 				       cdev);
855 
856 	/* the watchdog is single open! */
857 	if (test_and_set_bit(_WDOG_DEV_OPEN, &wd_data->status))
858 		return -EBUSY;
859 
860 	wdd = wd_data->wdd;
861 
862 	/*
863 	 * If the /dev/watchdog device is open, we don't want the module
864 	 * to be unloaded.
865 	 */
866 	hw_running = watchdog_hw_running(wdd);
867 	if (!hw_running && !try_module_get(wdd->ops->owner)) {
868 		err = -EBUSY;
869 		goto out_clear;
870 	}
871 
872 	err = watchdog_start(wdd);
873 	if (err < 0)
874 		goto out_mod;
875 
876 	file->private_data = wd_data;
877 
878 	if (!hw_running)
879 		get_device(&wd_data->dev);
880 
881 	/*
882 	 * open_timeout only applies for the first open from
883 	 * userspace. Set open_deadline to infinity so that the kernel
884 	 * will take care of an always-running hardware watchdog in
885 	 * case the device gets magic-closed or WDIOS_DISABLECARD is
886 	 * applied.
887 	 */
888 	wd_data->open_deadline = KTIME_MAX;
889 
890 	/* dev/watchdog is a virtual (and thus non-seekable) filesystem */
891 	return stream_open(inode, file);
892 
893 out_mod:
894 	module_put(wd_data->wdd->ops->owner);
895 out_clear:
896 	clear_bit(_WDOG_DEV_OPEN, &wd_data->status);
897 	return err;
898 }
899 
900 static void watchdog_core_data_release(struct device *dev)
901 {
902 	struct watchdog_core_data *wd_data;
903 
904 	wd_data = container_of(dev, struct watchdog_core_data, dev);
905 
906 	kfree(wd_data);
907 }
908 
909 /*
910  * watchdog_release - release the watchdog device
911  * @inode:	Inode of device
912  * @file:	File handle to device
913  *
914  * This is the code for when /dev/watchdog gets closed. We will only
915  * stop the watchdog when we have received the magic char (and nowayout
916  * was not set), else the watchdog will keep running.
917  *
918  * Always returns 0.
919  */
920 static int watchdog_release(struct inode *inode, struct file *file)
921 {
922 	struct watchdog_core_data *wd_data = file->private_data;
923 	struct watchdog_device *wdd;
924 	int err = -EBUSY;
925 	bool running;
926 
927 	mutex_lock(&wd_data->lock);
928 
929 	wdd = wd_data->wdd;
930 	if (!wdd)
931 		goto done;
932 
933 	/*
934 	 * We only stop the watchdog if we received the magic character
935 	 * or if WDIOF_MAGICCLOSE is not set. If nowayout was set then
936 	 * watchdog_stop will fail.
937 	 */
938 	if (!watchdog_active(wdd))
939 		err = 0;
940 	else if (test_and_clear_bit(_WDOG_ALLOW_RELEASE, &wd_data->status) ||
941 		 !(wdd->info->options & WDIOF_MAGICCLOSE))
942 		err = watchdog_stop(wdd);
943 
944 	/* If the watchdog was not stopped, send a keepalive ping */
945 	if (err < 0) {
946 		pr_crit("watchdog%d: watchdog did not stop!\n", wdd->id);
947 		watchdog_ping(wdd);
948 	}
949 
950 	watchdog_update_worker(wdd);
951 
952 	/* make sure that /dev/watchdog can be re-opened */
953 	clear_bit(_WDOG_DEV_OPEN, &wd_data->status);
954 
955 done:
956 	running = wdd && watchdog_hw_running(wdd);
957 	mutex_unlock(&wd_data->lock);
958 	/*
959 	 * Allow the owner module to be unloaded again unless the watchdog
960 	 * is still running. If the watchdog is still running, it can not
961 	 * be stopped, and its driver must not be unloaded.
962 	 */
963 	if (!running) {
964 		module_put(wd_data->cdev.owner);
965 		put_device(&wd_data->dev);
966 	}
967 	return 0;
968 }
969 
970 static const struct file_operations watchdog_fops = {
971 	.owner		= THIS_MODULE,
972 	.write		= watchdog_write,
973 	.unlocked_ioctl	= watchdog_ioctl,
974 	.compat_ioctl	= compat_ptr_ioctl,
975 	.open		= watchdog_open,
976 	.release	= watchdog_release,
977 };
978 
979 static struct miscdevice watchdog_miscdev = {
980 	.minor		= WATCHDOG_MINOR,
981 	.name		= "watchdog",
982 	.fops		= &watchdog_fops,
983 };
984 
985 static struct class watchdog_class = {
986 	.name =		"watchdog",
987 	.owner =	THIS_MODULE,
988 	.dev_groups =	wdt_groups,
989 };
990 
991 /*
992  * watchdog_cdev_register - register watchdog character device
993  * @wdd: Watchdog device
994  *
995  * Register a watchdog character device including handling the legacy
996  * /dev/watchdog node. /dev/watchdog is actually a miscdevice and
997  * thus we set it up like that.
998  *
999  * Return: 0 if successful, error otherwise.
1000  */
1001 static int watchdog_cdev_register(struct watchdog_device *wdd)
1002 {
1003 	struct watchdog_core_data *wd_data;
1004 	int err;
1005 
1006 	wd_data = kzalloc(sizeof(struct watchdog_core_data), GFP_KERNEL);
1007 	if (!wd_data)
1008 		return -ENOMEM;
1009 	mutex_init(&wd_data->lock);
1010 
1011 	wd_data->wdd = wdd;
1012 	wdd->wd_data = wd_data;
1013 
1014 	if (IS_ERR_OR_NULL(watchdog_kworker)) {
1015 		kfree(wd_data);
1016 		return -ENODEV;
1017 	}
1018 
1019 	device_initialize(&wd_data->dev);
1020 	wd_data->dev.devt = MKDEV(MAJOR(watchdog_devt), wdd->id);
1021 	wd_data->dev.class = &watchdog_class;
1022 	wd_data->dev.parent = wdd->parent;
1023 	wd_data->dev.groups = wdd->groups;
1024 	wd_data->dev.release = watchdog_core_data_release;
1025 	dev_set_drvdata(&wd_data->dev, wdd);
1026 	err = dev_set_name(&wd_data->dev, "watchdog%d", wdd->id);
1027 	if (err) {
1028 		put_device(&wd_data->dev);
1029 		return err;
1030 	}
1031 
1032 	kthread_init_work(&wd_data->work, watchdog_ping_work);
1033 	hrtimer_init(&wd_data->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_HARD);
1034 	wd_data->timer.function = watchdog_timer_expired;
1035 	watchdog_hrtimer_pretimeout_init(wdd);
1036 
1037 	if (wdd->id == 0) {
1038 		old_wd_data = wd_data;
1039 		watchdog_miscdev.parent = wdd->parent;
1040 		err = misc_register(&watchdog_miscdev);
1041 		if (err != 0) {
1042 			pr_err("%s: cannot register miscdev on minor=%d (err=%d).\n",
1043 				wdd->info->identity, WATCHDOG_MINOR, err);
1044 			if (err == -EBUSY)
1045 				pr_err("%s: a legacy watchdog module is probably present.\n",
1046 					wdd->info->identity);
1047 			old_wd_data = NULL;
1048 			put_device(&wd_data->dev);
1049 			return err;
1050 		}
1051 	}
1052 
1053 	/* Fill in the data structures */
1054 	cdev_init(&wd_data->cdev, &watchdog_fops);
1055 
1056 	/* Add the device */
1057 	err = cdev_device_add(&wd_data->cdev, &wd_data->dev);
1058 	if (err) {
1059 		pr_err("watchdog%d unable to add device %d:%d\n",
1060 			wdd->id,  MAJOR(watchdog_devt), wdd->id);
1061 		if (wdd->id == 0) {
1062 			misc_deregister(&watchdog_miscdev);
1063 			old_wd_data = NULL;
1064 			put_device(&wd_data->dev);
1065 		}
1066 		return err;
1067 	}
1068 
1069 	wd_data->cdev.owner = wdd->ops->owner;
1070 
1071 	/* Record time of most recent heartbeat as 'just before now'. */
1072 	wd_data->last_hw_keepalive = ktime_sub(ktime_get(), 1);
1073 	watchdog_set_open_deadline(wd_data);
1074 
1075 	/*
1076 	 * If the watchdog is running, prevent its driver from being unloaded,
1077 	 * and schedule an immediate ping.
1078 	 */
1079 	if (watchdog_hw_running(wdd)) {
1080 		__module_get(wdd->ops->owner);
1081 		get_device(&wd_data->dev);
1082 		if (handle_boot_enabled)
1083 			hrtimer_start(&wd_data->timer, 0,
1084 				      HRTIMER_MODE_REL_HARD);
1085 		else
1086 			pr_info("watchdog%d running and kernel based pre-userspace handler disabled\n",
1087 				wdd->id);
1088 	}
1089 
1090 	return 0;
1091 }
1092 
1093 /*
1094  * watchdog_cdev_unregister - unregister watchdog character device
1095  * @wdd: Watchdog device
1096  *
1097  * Unregister watchdog character device and if needed the legacy
1098  * /dev/watchdog device.
1099  */
1100 static void watchdog_cdev_unregister(struct watchdog_device *wdd)
1101 {
1102 	struct watchdog_core_data *wd_data = wdd->wd_data;
1103 
1104 	cdev_device_del(&wd_data->cdev, &wd_data->dev);
1105 	if (wdd->id == 0) {
1106 		misc_deregister(&watchdog_miscdev);
1107 		old_wd_data = NULL;
1108 	}
1109 
1110 	if (watchdog_active(wdd) &&
1111 	    test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) {
1112 		watchdog_stop(wdd);
1113 	}
1114 
1115 	watchdog_hrtimer_pretimeout_stop(wdd);
1116 
1117 	mutex_lock(&wd_data->lock);
1118 	wd_data->wdd = NULL;
1119 	wdd->wd_data = NULL;
1120 	mutex_unlock(&wd_data->lock);
1121 
1122 	hrtimer_cancel(&wd_data->timer);
1123 	kthread_cancel_work_sync(&wd_data->work);
1124 
1125 	put_device(&wd_data->dev);
1126 }
1127 
1128 /**
1129  * watchdog_dev_register - register a watchdog device
1130  * @wdd: Watchdog device
1131  *
1132  * Register a watchdog device including handling the legacy
1133  * /dev/watchdog node. /dev/watchdog is actually a miscdevice and
1134  * thus we set it up like that.
1135  *
1136  * Return: 0 if successful, error otherwise.
1137  */
1138 int watchdog_dev_register(struct watchdog_device *wdd)
1139 {
1140 	int ret;
1141 
1142 	ret = watchdog_cdev_register(wdd);
1143 	if (ret)
1144 		return ret;
1145 
1146 	ret = watchdog_register_pretimeout(wdd);
1147 	if (ret)
1148 		watchdog_cdev_unregister(wdd);
1149 
1150 	return ret;
1151 }
1152 
1153 /**
1154  * watchdog_dev_unregister - unregister a watchdog device
1155  * @wdd: watchdog device
1156  *
1157  * Unregister watchdog device and if needed the legacy
1158  * /dev/watchdog device.
1159  */
1160 void watchdog_dev_unregister(struct watchdog_device *wdd)
1161 {
1162 	watchdog_unregister_pretimeout(wdd);
1163 	watchdog_cdev_unregister(wdd);
1164 }
1165 
1166 /**
1167  * watchdog_set_last_hw_keepalive - set last HW keepalive time for watchdog
1168  * @wdd:		Watchdog device
1169  * @last_ping_ms:	Time since last HW heartbeat
1170  *
1171  * Adjusts the last known HW keepalive time for a watchdog timer.
1172  * This is needed if the watchdog is already running when the probe
1173  * function is called, and it can't be pinged immediately. This
1174  * function must be called immediately after watchdog registration,
1175  * and min_hw_heartbeat_ms must be set for this to be useful.
1176  *
1177  * Return: 0 if successful, error otherwise.
1178  */
1179 int watchdog_set_last_hw_keepalive(struct watchdog_device *wdd,
1180 				   unsigned int last_ping_ms)
1181 {
1182 	struct watchdog_core_data *wd_data;
1183 	ktime_t now;
1184 
1185 	if (!wdd)
1186 		return -EINVAL;
1187 
1188 	wd_data = wdd->wd_data;
1189 
1190 	now = ktime_get();
1191 
1192 	wd_data->last_hw_keepalive = ktime_sub(now, ms_to_ktime(last_ping_ms));
1193 
1194 	if (watchdog_hw_running(wdd) && handle_boot_enabled)
1195 		return __watchdog_ping(wdd);
1196 
1197 	return 0;
1198 }
1199 EXPORT_SYMBOL_GPL(watchdog_set_last_hw_keepalive);
1200 
1201 /**
1202  * watchdog_dev_init - init dev part of watchdog core
1203  *
1204  * Allocate a range of chardev nodes to use for watchdog devices.
1205  *
1206  * Return: 0 if successful, error otherwise.
1207  */
1208 int __init watchdog_dev_init(void)
1209 {
1210 	int err;
1211 
1212 	watchdog_kworker = kthread_create_worker(0, "watchdogd");
1213 	if (IS_ERR(watchdog_kworker)) {
1214 		pr_err("Failed to create watchdog kworker\n");
1215 		return PTR_ERR(watchdog_kworker);
1216 	}
1217 	sched_set_fifo(watchdog_kworker->task);
1218 
1219 	err = class_register(&watchdog_class);
1220 	if (err < 0) {
1221 		pr_err("couldn't register class\n");
1222 		goto err_register;
1223 	}
1224 
1225 	err = alloc_chrdev_region(&watchdog_devt, 0, MAX_DOGS, "watchdog");
1226 	if (err < 0) {
1227 		pr_err("watchdog: unable to allocate char dev region\n");
1228 		goto err_alloc;
1229 	}
1230 
1231 	return 0;
1232 
1233 err_alloc:
1234 	class_unregister(&watchdog_class);
1235 err_register:
1236 	kthread_destroy_worker(watchdog_kworker);
1237 	return err;
1238 }
1239 
1240 /**
1241  * watchdog_dev_exit - exit dev part of watchdog core
1242  *
1243  * Release the range of chardev nodes used for watchdog devices.
1244  */
1245 void __exit watchdog_dev_exit(void)
1246 {
1247 	unregister_chrdev_region(watchdog_devt, MAX_DOGS);
1248 	class_unregister(&watchdog_class);
1249 	kthread_destroy_worker(watchdog_kworker);
1250 }
1251 
1252 int watchdog_dev_suspend(struct watchdog_device *wdd)
1253 {
1254 	struct watchdog_core_data *wd_data = wdd->wd_data;
1255 	int ret = 0;
1256 
1257 	if (!wdd->wd_data)
1258 		return -ENODEV;
1259 
1260 	/* ping for the last time before suspend */
1261 	mutex_lock(&wd_data->lock);
1262 	if (watchdog_worker_should_ping(wd_data))
1263 		ret = __watchdog_ping(wd_data->wdd);
1264 	mutex_unlock(&wd_data->lock);
1265 
1266 	if (ret)
1267 		return ret;
1268 
1269 	/*
1270 	 * make sure that watchdog worker will not kick in when the wdog is
1271 	 * suspended
1272 	 */
1273 	hrtimer_cancel(&wd_data->timer);
1274 	kthread_cancel_work_sync(&wd_data->work);
1275 
1276 	return 0;
1277 }
1278 
1279 int watchdog_dev_resume(struct watchdog_device *wdd)
1280 {
1281 	struct watchdog_core_data *wd_data = wdd->wd_data;
1282 	int ret = 0;
1283 
1284 	if (!wdd->wd_data)
1285 		return -ENODEV;
1286 
1287 	/*
1288 	 * __watchdog_ping will also retrigger hrtimer and therefore restore the
1289 	 * ping worker if needed.
1290 	 */
1291 	mutex_lock(&wd_data->lock);
1292 	if (watchdog_worker_should_ping(wd_data))
1293 		ret = __watchdog_ping(wd_data->wdd);
1294 	mutex_unlock(&wd_data->lock);
1295 
1296 	return ret;
1297 }
1298 
1299 module_param(handle_boot_enabled, bool, 0444);
1300 MODULE_PARM_DESC(handle_boot_enabled,
1301 	"Watchdog core auto-updates boot enabled watchdogs before userspace takes over (default="
1302 	__MODULE_STRING(IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED)) ")");
1303 
1304 module_param(open_timeout, uint, 0644);
1305 MODULE_PARM_DESC(open_timeout,
1306 	"Maximum time (in seconds, 0 means infinity) for userspace to take over a running watchdog (default="
1307 	__MODULE_STRING(CONFIG_WATCHDOG_OPEN_TIMEOUT) ")");
1308