1 // SPDX-License-Identifier: GPL-2.0+ 2 /* 3 * watchdog_dev.c 4 * 5 * (c) Copyright 2008-2011 Alan Cox <alan@lxorguk.ukuu.org.uk>, 6 * All Rights Reserved. 7 * 8 * (c) Copyright 2008-2011 Wim Van Sebroeck <wim@iguana.be>. 9 * 10 * (c) Copyright 2021 Hewlett Packard Enterprise Development LP. 11 * 12 * This source code is part of the generic code that can be used 13 * by all the watchdog timer drivers. 14 * 15 * This part of the generic code takes care of the following 16 * misc device: /dev/watchdog. 17 * 18 * Based on source code of the following authors: 19 * Matt Domsch <Matt_Domsch@dell.com>, 20 * Rob Radez <rob@osinvestor.com>, 21 * Rusty Lynch <rusty@linux.co.intel.com> 22 * Satyam Sharma <satyam@infradead.org> 23 * Randy Dunlap <randy.dunlap@oracle.com> 24 * 25 * Neither Alan Cox, CymruNet Ltd., Wim Van Sebroeck nor Iguana vzw. 26 * admit liability nor provide warranty for any of this software. 27 * This material is provided "AS-IS" and at no charge. 28 */ 29 30 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 31 32 #include <linux/cdev.h> /* For character device */ 33 #include <linux/errno.h> /* For the -ENODEV/... values */ 34 #include <linux/fs.h> /* For file operations */ 35 #include <linux/init.h> /* For __init/__exit/... */ 36 #include <linux/hrtimer.h> /* For hrtimers */ 37 #include <linux/kernel.h> /* For printk/panic/... */ 38 #include <linux/kthread.h> /* For kthread_work */ 39 #include <linux/miscdevice.h> /* For handling misc devices */ 40 #include <linux/module.h> /* For module stuff/... */ 41 #include <linux/mutex.h> /* For mutexes */ 42 #include <linux/slab.h> /* For memory functions */ 43 #include <linux/types.h> /* For standard types (like size_t) */ 44 #include <linux/watchdog.h> /* For watchdog specific items */ 45 #include <linux/uaccess.h> /* For copy_to_user/put_user/... */ 46 47 #include "watchdog_core.h" 48 #include "watchdog_pretimeout.h" 49 50 /* the dev_t structure to store the dynamically allocated watchdog devices */ 51 static dev_t watchdog_devt; 52 /* Reference to watchdog device behind /dev/watchdog */ 53 static struct watchdog_core_data *old_wd_data; 54 55 static struct kthread_worker *watchdog_kworker; 56 57 static bool handle_boot_enabled = 58 IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED); 59 60 static unsigned open_timeout = CONFIG_WATCHDOG_OPEN_TIMEOUT; 61 62 static bool watchdog_past_open_deadline(struct watchdog_core_data *data) 63 { 64 return ktime_after(ktime_get(), data->open_deadline); 65 } 66 67 static void watchdog_set_open_deadline(struct watchdog_core_data *data) 68 { 69 data->open_deadline = open_timeout ? 70 ktime_get() + ktime_set(open_timeout, 0) : KTIME_MAX; 71 } 72 73 static inline bool watchdog_need_worker(struct watchdog_device *wdd) 74 { 75 /* All variables in milli-seconds */ 76 unsigned int hm = wdd->max_hw_heartbeat_ms; 77 unsigned int t = wdd->timeout * 1000; 78 79 /* 80 * A worker to generate heartbeat requests is needed if all of the 81 * following conditions are true. 82 * - Userspace activated the watchdog. 83 * - The driver provided a value for the maximum hardware timeout, and 84 * thus is aware that the framework supports generating heartbeat 85 * requests. 86 * - Userspace requests a longer timeout than the hardware can handle. 87 * 88 * Alternatively, if userspace has not opened the watchdog 89 * device, we take care of feeding the watchdog if it is 90 * running. 91 */ 92 return (hm && watchdog_active(wdd) && t > hm) || 93 (t && !watchdog_active(wdd) && watchdog_hw_running(wdd)); 94 } 95 96 static ktime_t watchdog_next_keepalive(struct watchdog_device *wdd) 97 { 98 struct watchdog_core_data *wd_data = wdd->wd_data; 99 unsigned int timeout_ms = wdd->timeout * 1000; 100 ktime_t keepalive_interval; 101 ktime_t last_heartbeat, latest_heartbeat; 102 ktime_t virt_timeout; 103 unsigned int hw_heartbeat_ms; 104 105 if (watchdog_active(wdd)) 106 virt_timeout = ktime_add(wd_data->last_keepalive, 107 ms_to_ktime(timeout_ms)); 108 else 109 virt_timeout = wd_data->open_deadline; 110 111 hw_heartbeat_ms = min_not_zero(timeout_ms, wdd->max_hw_heartbeat_ms); 112 keepalive_interval = ms_to_ktime(hw_heartbeat_ms / 2); 113 114 /* 115 * To ensure that the watchdog times out wdd->timeout seconds 116 * after the most recent ping from userspace, the last 117 * worker ping has to come in hw_heartbeat_ms before this timeout. 118 */ 119 last_heartbeat = ktime_sub(virt_timeout, ms_to_ktime(hw_heartbeat_ms)); 120 latest_heartbeat = ktime_sub(last_heartbeat, ktime_get()); 121 if (ktime_before(latest_heartbeat, keepalive_interval)) 122 return latest_heartbeat; 123 return keepalive_interval; 124 } 125 126 static inline void watchdog_update_worker(struct watchdog_device *wdd) 127 { 128 struct watchdog_core_data *wd_data = wdd->wd_data; 129 130 if (watchdog_need_worker(wdd)) { 131 ktime_t t = watchdog_next_keepalive(wdd); 132 133 if (t > 0) 134 hrtimer_start(&wd_data->timer, t, 135 HRTIMER_MODE_REL_HARD); 136 } else { 137 hrtimer_cancel(&wd_data->timer); 138 } 139 } 140 141 static int __watchdog_ping(struct watchdog_device *wdd) 142 { 143 struct watchdog_core_data *wd_data = wdd->wd_data; 144 ktime_t earliest_keepalive, now; 145 int err; 146 147 earliest_keepalive = ktime_add(wd_data->last_hw_keepalive, 148 ms_to_ktime(wdd->min_hw_heartbeat_ms)); 149 now = ktime_get(); 150 151 if (ktime_after(earliest_keepalive, now)) { 152 hrtimer_start(&wd_data->timer, 153 ktime_sub(earliest_keepalive, now), 154 HRTIMER_MODE_REL_HARD); 155 return 0; 156 } 157 158 wd_data->last_hw_keepalive = now; 159 160 if (wdd->ops->ping) 161 err = wdd->ops->ping(wdd); /* ping the watchdog */ 162 else 163 err = wdd->ops->start(wdd); /* restart watchdog */ 164 165 if (err == 0) 166 watchdog_hrtimer_pretimeout_start(wdd); 167 168 watchdog_update_worker(wdd); 169 170 return err; 171 } 172 173 /* 174 * watchdog_ping: ping the watchdog. 175 * @wdd: the watchdog device to ping 176 * 177 * The caller must hold wd_data->lock. 178 * 179 * If the watchdog has no own ping operation then it needs to be 180 * restarted via the start operation. This wrapper function does 181 * exactly that. 182 * We only ping when the watchdog device is running. 183 */ 184 185 static int watchdog_ping(struct watchdog_device *wdd) 186 { 187 struct watchdog_core_data *wd_data = wdd->wd_data; 188 189 if (!watchdog_active(wdd) && !watchdog_hw_running(wdd)) 190 return 0; 191 192 set_bit(_WDOG_KEEPALIVE, &wd_data->status); 193 194 wd_data->last_keepalive = ktime_get(); 195 return __watchdog_ping(wdd); 196 } 197 198 static bool watchdog_worker_should_ping(struct watchdog_core_data *wd_data) 199 { 200 struct watchdog_device *wdd = wd_data->wdd; 201 202 if (!wdd) 203 return false; 204 205 if (watchdog_active(wdd)) 206 return true; 207 208 return watchdog_hw_running(wdd) && !watchdog_past_open_deadline(wd_data); 209 } 210 211 static void watchdog_ping_work(struct kthread_work *work) 212 { 213 struct watchdog_core_data *wd_data; 214 215 wd_data = container_of(work, struct watchdog_core_data, work); 216 217 mutex_lock(&wd_data->lock); 218 if (watchdog_worker_should_ping(wd_data)) 219 __watchdog_ping(wd_data->wdd); 220 mutex_unlock(&wd_data->lock); 221 } 222 223 static enum hrtimer_restart watchdog_timer_expired(struct hrtimer *timer) 224 { 225 struct watchdog_core_data *wd_data; 226 227 wd_data = container_of(timer, struct watchdog_core_data, timer); 228 229 kthread_queue_work(watchdog_kworker, &wd_data->work); 230 return HRTIMER_NORESTART; 231 } 232 233 /* 234 * watchdog_start: wrapper to start the watchdog. 235 * @wdd: the watchdog device to start 236 * 237 * The caller must hold wd_data->lock. 238 * 239 * Start the watchdog if it is not active and mark it active. 240 * This function returns zero on success or a negative errno code for 241 * failure. 242 */ 243 244 static int watchdog_start(struct watchdog_device *wdd) 245 { 246 struct watchdog_core_data *wd_data = wdd->wd_data; 247 ktime_t started_at; 248 int err; 249 250 if (watchdog_active(wdd)) 251 return 0; 252 253 set_bit(_WDOG_KEEPALIVE, &wd_data->status); 254 255 started_at = ktime_get(); 256 if (watchdog_hw_running(wdd) && wdd->ops->ping) { 257 err = __watchdog_ping(wdd); 258 if (err == 0) { 259 set_bit(WDOG_ACTIVE, &wdd->status); 260 watchdog_hrtimer_pretimeout_start(wdd); 261 } 262 } else { 263 err = wdd->ops->start(wdd); 264 if (err == 0) { 265 set_bit(WDOG_ACTIVE, &wdd->status); 266 wd_data->last_keepalive = started_at; 267 wd_data->last_hw_keepalive = started_at; 268 watchdog_update_worker(wdd); 269 watchdog_hrtimer_pretimeout_start(wdd); 270 } 271 } 272 273 return err; 274 } 275 276 /* 277 * watchdog_stop: wrapper to stop the watchdog. 278 * @wdd: the watchdog device to stop 279 * 280 * The caller must hold wd_data->lock. 281 * 282 * Stop the watchdog if it is still active and unmark it active. 283 * This function returns zero on success or a negative errno code for 284 * failure. 285 * If the 'nowayout' feature was set, the watchdog cannot be stopped. 286 */ 287 288 static int watchdog_stop(struct watchdog_device *wdd) 289 { 290 int err = 0; 291 292 if (!watchdog_active(wdd)) 293 return 0; 294 295 if (test_bit(WDOG_NO_WAY_OUT, &wdd->status)) { 296 pr_info("watchdog%d: nowayout prevents watchdog being stopped!\n", 297 wdd->id); 298 return -EBUSY; 299 } 300 301 if (wdd->ops->stop) { 302 clear_bit(WDOG_HW_RUNNING, &wdd->status); 303 err = wdd->ops->stop(wdd); 304 } else { 305 set_bit(WDOG_HW_RUNNING, &wdd->status); 306 } 307 308 if (err == 0) { 309 clear_bit(WDOG_ACTIVE, &wdd->status); 310 watchdog_update_worker(wdd); 311 watchdog_hrtimer_pretimeout_stop(wdd); 312 } 313 314 return err; 315 } 316 317 /* 318 * watchdog_get_status: wrapper to get the watchdog status 319 * @wdd: the watchdog device to get the status from 320 * 321 * The caller must hold wd_data->lock. 322 * 323 * Get the watchdog's status flags. 324 */ 325 326 static unsigned int watchdog_get_status(struct watchdog_device *wdd) 327 { 328 struct watchdog_core_data *wd_data = wdd->wd_data; 329 unsigned int status; 330 331 if (wdd->ops->status) 332 status = wdd->ops->status(wdd); 333 else 334 status = wdd->bootstatus & (WDIOF_CARDRESET | 335 WDIOF_OVERHEAT | 336 WDIOF_FANFAULT | 337 WDIOF_EXTERN1 | 338 WDIOF_EXTERN2 | 339 WDIOF_POWERUNDER | 340 WDIOF_POWEROVER); 341 342 if (test_bit(_WDOG_ALLOW_RELEASE, &wd_data->status)) 343 status |= WDIOF_MAGICCLOSE; 344 345 if (test_and_clear_bit(_WDOG_KEEPALIVE, &wd_data->status)) 346 status |= WDIOF_KEEPALIVEPING; 347 348 if (IS_ENABLED(CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT)) 349 status |= WDIOF_PRETIMEOUT; 350 351 return status; 352 } 353 354 /* 355 * watchdog_set_timeout: set the watchdog timer timeout 356 * @wdd: the watchdog device to set the timeout for 357 * @timeout: timeout to set in seconds 358 * 359 * The caller must hold wd_data->lock. 360 */ 361 362 static int watchdog_set_timeout(struct watchdog_device *wdd, 363 unsigned int timeout) 364 { 365 int err = 0; 366 367 if (!(wdd->info->options & WDIOF_SETTIMEOUT)) 368 return -EOPNOTSUPP; 369 370 if (watchdog_timeout_invalid(wdd, timeout)) 371 return -EINVAL; 372 373 if (wdd->ops->set_timeout) { 374 err = wdd->ops->set_timeout(wdd, timeout); 375 } else { 376 wdd->timeout = timeout; 377 /* Disable pretimeout if it doesn't fit the new timeout */ 378 if (wdd->pretimeout >= wdd->timeout) 379 wdd->pretimeout = 0; 380 } 381 382 watchdog_update_worker(wdd); 383 384 return err; 385 } 386 387 /* 388 * watchdog_set_pretimeout: set the watchdog timer pretimeout 389 * @wdd: the watchdog device to set the timeout for 390 * @timeout: pretimeout to set in seconds 391 */ 392 393 static int watchdog_set_pretimeout(struct watchdog_device *wdd, 394 unsigned int timeout) 395 { 396 int err = 0; 397 398 if (!watchdog_have_pretimeout(wdd)) 399 return -EOPNOTSUPP; 400 401 if (watchdog_pretimeout_invalid(wdd, timeout)) 402 return -EINVAL; 403 404 if (wdd->ops->set_pretimeout && (wdd->info->options & WDIOF_PRETIMEOUT)) 405 err = wdd->ops->set_pretimeout(wdd, timeout); 406 else 407 wdd->pretimeout = timeout; 408 409 return err; 410 } 411 412 /* 413 * watchdog_get_timeleft: wrapper to get the time left before a reboot 414 * @wdd: the watchdog device to get the remaining time from 415 * @timeleft: the time that's left 416 * 417 * The caller must hold wd_data->lock. 418 * 419 * Get the time before a watchdog will reboot (if not pinged). 420 */ 421 422 static int watchdog_get_timeleft(struct watchdog_device *wdd, 423 unsigned int *timeleft) 424 { 425 *timeleft = 0; 426 427 if (!wdd->ops->get_timeleft) 428 return -EOPNOTSUPP; 429 430 *timeleft = wdd->ops->get_timeleft(wdd); 431 432 return 0; 433 } 434 435 #ifdef CONFIG_WATCHDOG_SYSFS 436 static ssize_t nowayout_show(struct device *dev, struct device_attribute *attr, 437 char *buf) 438 { 439 struct watchdog_device *wdd = dev_get_drvdata(dev); 440 441 return sysfs_emit(buf, "%d\n", !!test_bit(WDOG_NO_WAY_OUT, 442 &wdd->status)); 443 } 444 445 static ssize_t nowayout_store(struct device *dev, struct device_attribute *attr, 446 const char *buf, size_t len) 447 { 448 struct watchdog_device *wdd = dev_get_drvdata(dev); 449 unsigned int value; 450 int ret; 451 452 ret = kstrtouint(buf, 0, &value); 453 if (ret) 454 return ret; 455 if (value > 1) 456 return -EINVAL; 457 /* nowayout cannot be disabled once set */ 458 if (test_bit(WDOG_NO_WAY_OUT, &wdd->status) && !value) 459 return -EPERM; 460 watchdog_set_nowayout(wdd, value); 461 return len; 462 } 463 static DEVICE_ATTR_RW(nowayout); 464 465 static ssize_t status_show(struct device *dev, struct device_attribute *attr, 466 char *buf) 467 { 468 struct watchdog_device *wdd = dev_get_drvdata(dev); 469 struct watchdog_core_data *wd_data = wdd->wd_data; 470 unsigned int status; 471 472 mutex_lock(&wd_data->lock); 473 status = watchdog_get_status(wdd); 474 mutex_unlock(&wd_data->lock); 475 476 return sysfs_emit(buf, "0x%x\n", status); 477 } 478 static DEVICE_ATTR_RO(status); 479 480 static ssize_t bootstatus_show(struct device *dev, 481 struct device_attribute *attr, char *buf) 482 { 483 struct watchdog_device *wdd = dev_get_drvdata(dev); 484 485 return sysfs_emit(buf, "%u\n", wdd->bootstatus); 486 } 487 static DEVICE_ATTR_RO(bootstatus); 488 489 static ssize_t timeleft_show(struct device *dev, struct device_attribute *attr, 490 char *buf) 491 { 492 struct watchdog_device *wdd = dev_get_drvdata(dev); 493 struct watchdog_core_data *wd_data = wdd->wd_data; 494 ssize_t status; 495 unsigned int val; 496 497 mutex_lock(&wd_data->lock); 498 status = watchdog_get_timeleft(wdd, &val); 499 mutex_unlock(&wd_data->lock); 500 if (!status) 501 status = sysfs_emit(buf, "%u\n", val); 502 503 return status; 504 } 505 static DEVICE_ATTR_RO(timeleft); 506 507 static ssize_t timeout_show(struct device *dev, struct device_attribute *attr, 508 char *buf) 509 { 510 struct watchdog_device *wdd = dev_get_drvdata(dev); 511 512 return sysfs_emit(buf, "%u\n", wdd->timeout); 513 } 514 static DEVICE_ATTR_RO(timeout); 515 516 static ssize_t min_timeout_show(struct device *dev, 517 struct device_attribute *attr, char *buf) 518 { 519 struct watchdog_device *wdd = dev_get_drvdata(dev); 520 521 return sysfs_emit(buf, "%u\n", wdd->min_timeout); 522 } 523 static DEVICE_ATTR_RO(min_timeout); 524 525 static ssize_t max_timeout_show(struct device *dev, 526 struct device_attribute *attr, char *buf) 527 { 528 struct watchdog_device *wdd = dev_get_drvdata(dev); 529 530 return sysfs_emit(buf, "%u\n", wdd->max_timeout); 531 } 532 static DEVICE_ATTR_RO(max_timeout); 533 534 static ssize_t pretimeout_show(struct device *dev, 535 struct device_attribute *attr, char *buf) 536 { 537 struct watchdog_device *wdd = dev_get_drvdata(dev); 538 539 return sysfs_emit(buf, "%u\n", wdd->pretimeout); 540 } 541 static DEVICE_ATTR_RO(pretimeout); 542 543 static ssize_t identity_show(struct device *dev, struct device_attribute *attr, 544 char *buf) 545 { 546 struct watchdog_device *wdd = dev_get_drvdata(dev); 547 548 return sysfs_emit(buf, "%s\n", wdd->info->identity); 549 } 550 static DEVICE_ATTR_RO(identity); 551 552 static ssize_t state_show(struct device *dev, struct device_attribute *attr, 553 char *buf) 554 { 555 struct watchdog_device *wdd = dev_get_drvdata(dev); 556 557 if (watchdog_active(wdd)) 558 return sysfs_emit(buf, "active\n"); 559 560 return sysfs_emit(buf, "inactive\n"); 561 } 562 static DEVICE_ATTR_RO(state); 563 564 static ssize_t pretimeout_available_governors_show(struct device *dev, 565 struct device_attribute *attr, char *buf) 566 { 567 return watchdog_pretimeout_available_governors_get(buf); 568 } 569 static DEVICE_ATTR_RO(pretimeout_available_governors); 570 571 static ssize_t pretimeout_governor_show(struct device *dev, 572 struct device_attribute *attr, 573 char *buf) 574 { 575 struct watchdog_device *wdd = dev_get_drvdata(dev); 576 577 return watchdog_pretimeout_governor_get(wdd, buf); 578 } 579 580 static ssize_t pretimeout_governor_store(struct device *dev, 581 struct device_attribute *attr, 582 const char *buf, size_t count) 583 { 584 struct watchdog_device *wdd = dev_get_drvdata(dev); 585 int ret = watchdog_pretimeout_governor_set(wdd, buf); 586 587 if (!ret) 588 ret = count; 589 590 return ret; 591 } 592 static DEVICE_ATTR_RW(pretimeout_governor); 593 594 static umode_t wdt_is_visible(struct kobject *kobj, struct attribute *attr, 595 int n) 596 { 597 struct device *dev = kobj_to_dev(kobj); 598 struct watchdog_device *wdd = dev_get_drvdata(dev); 599 umode_t mode = attr->mode; 600 601 if (attr == &dev_attr_timeleft.attr && !wdd->ops->get_timeleft) 602 mode = 0; 603 else if (attr == &dev_attr_pretimeout.attr && !watchdog_have_pretimeout(wdd)) 604 mode = 0; 605 else if ((attr == &dev_attr_pretimeout_governor.attr || 606 attr == &dev_attr_pretimeout_available_governors.attr) && 607 (!watchdog_have_pretimeout(wdd) || !IS_ENABLED(CONFIG_WATCHDOG_PRETIMEOUT_GOV))) 608 mode = 0; 609 610 return mode; 611 } 612 static struct attribute *wdt_attrs[] = { 613 &dev_attr_state.attr, 614 &dev_attr_identity.attr, 615 &dev_attr_timeout.attr, 616 &dev_attr_min_timeout.attr, 617 &dev_attr_max_timeout.attr, 618 &dev_attr_pretimeout.attr, 619 &dev_attr_timeleft.attr, 620 &dev_attr_bootstatus.attr, 621 &dev_attr_status.attr, 622 &dev_attr_nowayout.attr, 623 &dev_attr_pretimeout_governor.attr, 624 &dev_attr_pretimeout_available_governors.attr, 625 NULL, 626 }; 627 628 static const struct attribute_group wdt_group = { 629 .attrs = wdt_attrs, 630 .is_visible = wdt_is_visible, 631 }; 632 __ATTRIBUTE_GROUPS(wdt); 633 #else 634 #define wdt_groups NULL 635 #endif 636 637 /* 638 * watchdog_ioctl_op: call the watchdog drivers ioctl op if defined 639 * @wdd: the watchdog device to do the ioctl on 640 * @cmd: watchdog command 641 * @arg: argument pointer 642 * 643 * The caller must hold wd_data->lock. 644 */ 645 646 static int watchdog_ioctl_op(struct watchdog_device *wdd, unsigned int cmd, 647 unsigned long arg) 648 { 649 if (!wdd->ops->ioctl) 650 return -ENOIOCTLCMD; 651 652 return wdd->ops->ioctl(wdd, cmd, arg); 653 } 654 655 /* 656 * watchdog_write: writes to the watchdog. 657 * @file: file from VFS 658 * @data: user address of data 659 * @len: length of data 660 * @ppos: pointer to the file offset 661 * 662 * A write to a watchdog device is defined as a keepalive ping. 663 * Writing the magic 'V' sequence allows the next close to turn 664 * off the watchdog (if 'nowayout' is not set). 665 */ 666 667 static ssize_t watchdog_write(struct file *file, const char __user *data, 668 size_t len, loff_t *ppos) 669 { 670 struct watchdog_core_data *wd_data = file->private_data; 671 struct watchdog_device *wdd; 672 int err; 673 size_t i; 674 char c; 675 676 if (len == 0) 677 return 0; 678 679 /* 680 * Note: just in case someone wrote the magic character 681 * five months ago... 682 */ 683 clear_bit(_WDOG_ALLOW_RELEASE, &wd_data->status); 684 685 /* scan to see whether or not we got the magic character */ 686 for (i = 0; i != len; i++) { 687 if (get_user(c, data + i)) 688 return -EFAULT; 689 if (c == 'V') 690 set_bit(_WDOG_ALLOW_RELEASE, &wd_data->status); 691 } 692 693 /* someone wrote to us, so we send the watchdog a keepalive ping */ 694 695 err = -ENODEV; 696 mutex_lock(&wd_data->lock); 697 wdd = wd_data->wdd; 698 if (wdd) 699 err = watchdog_ping(wdd); 700 mutex_unlock(&wd_data->lock); 701 702 if (err < 0) 703 return err; 704 705 return len; 706 } 707 708 /* 709 * watchdog_ioctl: handle the different ioctl's for the watchdog device. 710 * @file: file handle to the device 711 * @cmd: watchdog command 712 * @arg: argument pointer 713 * 714 * The watchdog API defines a common set of functions for all watchdogs 715 * according to their available features. 716 */ 717 718 static long watchdog_ioctl(struct file *file, unsigned int cmd, 719 unsigned long arg) 720 { 721 struct watchdog_core_data *wd_data = file->private_data; 722 void __user *argp = (void __user *)arg; 723 struct watchdog_device *wdd; 724 int __user *p = argp; 725 unsigned int val; 726 int err; 727 728 mutex_lock(&wd_data->lock); 729 730 wdd = wd_data->wdd; 731 if (!wdd) { 732 err = -ENODEV; 733 goto out_ioctl; 734 } 735 736 err = watchdog_ioctl_op(wdd, cmd, arg); 737 if (err != -ENOIOCTLCMD) 738 goto out_ioctl; 739 740 switch (cmd) { 741 case WDIOC_GETSUPPORT: 742 err = copy_to_user(argp, wdd->info, 743 sizeof(struct watchdog_info)) ? -EFAULT : 0; 744 break; 745 case WDIOC_GETSTATUS: 746 val = watchdog_get_status(wdd); 747 err = put_user(val, p); 748 break; 749 case WDIOC_GETBOOTSTATUS: 750 err = put_user(wdd->bootstatus, p); 751 break; 752 case WDIOC_SETOPTIONS: 753 if (get_user(val, p)) { 754 err = -EFAULT; 755 break; 756 } 757 if (val & WDIOS_DISABLECARD) { 758 err = watchdog_stop(wdd); 759 if (err < 0) 760 break; 761 } 762 if (val & WDIOS_ENABLECARD) 763 err = watchdog_start(wdd); 764 break; 765 case WDIOC_KEEPALIVE: 766 if (!(wdd->info->options & WDIOF_KEEPALIVEPING)) { 767 err = -EOPNOTSUPP; 768 break; 769 } 770 err = watchdog_ping(wdd); 771 break; 772 case WDIOC_SETTIMEOUT: 773 if (get_user(val, p)) { 774 err = -EFAULT; 775 break; 776 } 777 err = watchdog_set_timeout(wdd, val); 778 if (err < 0) 779 break; 780 /* If the watchdog is active then we send a keepalive ping 781 * to make sure that the watchdog keep's running (and if 782 * possible that it takes the new timeout) */ 783 err = watchdog_ping(wdd); 784 if (err < 0) 785 break; 786 fallthrough; 787 case WDIOC_GETTIMEOUT: 788 /* timeout == 0 means that we don't know the timeout */ 789 if (wdd->timeout == 0) { 790 err = -EOPNOTSUPP; 791 break; 792 } 793 err = put_user(wdd->timeout, p); 794 break; 795 case WDIOC_GETTIMELEFT: 796 err = watchdog_get_timeleft(wdd, &val); 797 if (err < 0) 798 break; 799 err = put_user(val, p); 800 break; 801 case WDIOC_SETPRETIMEOUT: 802 if (get_user(val, p)) { 803 err = -EFAULT; 804 break; 805 } 806 err = watchdog_set_pretimeout(wdd, val); 807 break; 808 case WDIOC_GETPRETIMEOUT: 809 err = put_user(wdd->pretimeout, p); 810 break; 811 default: 812 err = -ENOTTY; 813 break; 814 } 815 816 out_ioctl: 817 mutex_unlock(&wd_data->lock); 818 return err; 819 } 820 821 /* 822 * watchdog_open: open the /dev/watchdog* devices. 823 * @inode: inode of device 824 * @file: file handle to device 825 * 826 * When the /dev/watchdog* device gets opened, we start the watchdog. 827 * Watch out: the /dev/watchdog device is single open, so we make sure 828 * it can only be opened once. 829 */ 830 831 static int watchdog_open(struct inode *inode, struct file *file) 832 { 833 struct watchdog_core_data *wd_data; 834 struct watchdog_device *wdd; 835 bool hw_running; 836 int err; 837 838 /* Get the corresponding watchdog device */ 839 if (imajor(inode) == MISC_MAJOR) 840 wd_data = old_wd_data; 841 else 842 wd_data = container_of(inode->i_cdev, struct watchdog_core_data, 843 cdev); 844 845 /* the watchdog is single open! */ 846 if (test_and_set_bit(_WDOG_DEV_OPEN, &wd_data->status)) 847 return -EBUSY; 848 849 wdd = wd_data->wdd; 850 851 /* 852 * If the /dev/watchdog device is open, we don't want the module 853 * to be unloaded. 854 */ 855 hw_running = watchdog_hw_running(wdd); 856 if (!hw_running && !try_module_get(wdd->ops->owner)) { 857 err = -EBUSY; 858 goto out_clear; 859 } 860 861 err = watchdog_start(wdd); 862 if (err < 0) 863 goto out_mod; 864 865 file->private_data = wd_data; 866 867 if (!hw_running) 868 get_device(&wd_data->dev); 869 870 /* 871 * open_timeout only applies for the first open from 872 * userspace. Set open_deadline to infinity so that the kernel 873 * will take care of an always-running hardware watchdog in 874 * case the device gets magic-closed or WDIOS_DISABLECARD is 875 * applied. 876 */ 877 wd_data->open_deadline = KTIME_MAX; 878 879 /* dev/watchdog is a virtual (and thus non-seekable) filesystem */ 880 return stream_open(inode, file); 881 882 out_mod: 883 module_put(wd_data->wdd->ops->owner); 884 out_clear: 885 clear_bit(_WDOG_DEV_OPEN, &wd_data->status); 886 return err; 887 } 888 889 static void watchdog_core_data_release(struct device *dev) 890 { 891 struct watchdog_core_data *wd_data; 892 893 wd_data = container_of(dev, struct watchdog_core_data, dev); 894 895 kfree(wd_data); 896 } 897 898 /* 899 * watchdog_release: release the watchdog device. 900 * @inode: inode of device 901 * @file: file handle to device 902 * 903 * This is the code for when /dev/watchdog gets closed. We will only 904 * stop the watchdog when we have received the magic char (and nowayout 905 * was not set), else the watchdog will keep running. 906 */ 907 908 static int watchdog_release(struct inode *inode, struct file *file) 909 { 910 struct watchdog_core_data *wd_data = file->private_data; 911 struct watchdog_device *wdd; 912 int err = -EBUSY; 913 bool running; 914 915 mutex_lock(&wd_data->lock); 916 917 wdd = wd_data->wdd; 918 if (!wdd) 919 goto done; 920 921 /* 922 * We only stop the watchdog if we received the magic character 923 * or if WDIOF_MAGICCLOSE is not set. If nowayout was set then 924 * watchdog_stop will fail. 925 */ 926 if (!watchdog_active(wdd)) 927 err = 0; 928 else if (test_and_clear_bit(_WDOG_ALLOW_RELEASE, &wd_data->status) || 929 !(wdd->info->options & WDIOF_MAGICCLOSE)) 930 err = watchdog_stop(wdd); 931 932 /* If the watchdog was not stopped, send a keepalive ping */ 933 if (err < 0) { 934 pr_crit("watchdog%d: watchdog did not stop!\n", wdd->id); 935 watchdog_ping(wdd); 936 } 937 938 watchdog_update_worker(wdd); 939 940 /* make sure that /dev/watchdog can be re-opened */ 941 clear_bit(_WDOG_DEV_OPEN, &wd_data->status); 942 943 done: 944 running = wdd && watchdog_hw_running(wdd); 945 mutex_unlock(&wd_data->lock); 946 /* 947 * Allow the owner module to be unloaded again unless the watchdog 948 * is still running. If the watchdog is still running, it can not 949 * be stopped, and its driver must not be unloaded. 950 */ 951 if (!running) { 952 module_put(wd_data->cdev.owner); 953 put_device(&wd_data->dev); 954 } 955 return 0; 956 } 957 958 static const struct file_operations watchdog_fops = { 959 .owner = THIS_MODULE, 960 .write = watchdog_write, 961 .unlocked_ioctl = watchdog_ioctl, 962 .compat_ioctl = compat_ptr_ioctl, 963 .open = watchdog_open, 964 .release = watchdog_release, 965 }; 966 967 static struct miscdevice watchdog_miscdev = { 968 .minor = WATCHDOG_MINOR, 969 .name = "watchdog", 970 .fops = &watchdog_fops, 971 }; 972 973 static struct class watchdog_class = { 974 .name = "watchdog", 975 .owner = THIS_MODULE, 976 .dev_groups = wdt_groups, 977 }; 978 979 /* 980 * watchdog_cdev_register: register watchdog character device 981 * @wdd: watchdog device 982 * 983 * Register a watchdog character device including handling the legacy 984 * /dev/watchdog node. /dev/watchdog is actually a miscdevice and 985 * thus we set it up like that. 986 */ 987 988 static int watchdog_cdev_register(struct watchdog_device *wdd) 989 { 990 struct watchdog_core_data *wd_data; 991 int err; 992 993 wd_data = kzalloc(sizeof(struct watchdog_core_data), GFP_KERNEL); 994 if (!wd_data) 995 return -ENOMEM; 996 mutex_init(&wd_data->lock); 997 998 wd_data->wdd = wdd; 999 wdd->wd_data = wd_data; 1000 1001 if (IS_ERR_OR_NULL(watchdog_kworker)) { 1002 kfree(wd_data); 1003 return -ENODEV; 1004 } 1005 1006 device_initialize(&wd_data->dev); 1007 wd_data->dev.devt = MKDEV(MAJOR(watchdog_devt), wdd->id); 1008 wd_data->dev.class = &watchdog_class; 1009 wd_data->dev.parent = wdd->parent; 1010 wd_data->dev.groups = wdd->groups; 1011 wd_data->dev.release = watchdog_core_data_release; 1012 dev_set_drvdata(&wd_data->dev, wdd); 1013 dev_set_name(&wd_data->dev, "watchdog%d", wdd->id); 1014 1015 kthread_init_work(&wd_data->work, watchdog_ping_work); 1016 hrtimer_init(&wd_data->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_HARD); 1017 wd_data->timer.function = watchdog_timer_expired; 1018 watchdog_hrtimer_pretimeout_init(wdd); 1019 1020 if (wdd->id == 0) { 1021 old_wd_data = wd_data; 1022 watchdog_miscdev.parent = wdd->parent; 1023 err = misc_register(&watchdog_miscdev); 1024 if (err != 0) { 1025 pr_err("%s: cannot register miscdev on minor=%d (err=%d).\n", 1026 wdd->info->identity, WATCHDOG_MINOR, err); 1027 if (err == -EBUSY) 1028 pr_err("%s: a legacy watchdog module is probably present.\n", 1029 wdd->info->identity); 1030 old_wd_data = NULL; 1031 put_device(&wd_data->dev); 1032 return err; 1033 } 1034 } 1035 1036 /* Fill in the data structures */ 1037 cdev_init(&wd_data->cdev, &watchdog_fops); 1038 1039 /* Add the device */ 1040 err = cdev_device_add(&wd_data->cdev, &wd_data->dev); 1041 if (err) { 1042 pr_err("watchdog%d unable to add device %d:%d\n", 1043 wdd->id, MAJOR(watchdog_devt), wdd->id); 1044 if (wdd->id == 0) { 1045 misc_deregister(&watchdog_miscdev); 1046 old_wd_data = NULL; 1047 put_device(&wd_data->dev); 1048 } 1049 return err; 1050 } 1051 1052 wd_data->cdev.owner = wdd->ops->owner; 1053 1054 /* Record time of most recent heartbeat as 'just before now'. */ 1055 wd_data->last_hw_keepalive = ktime_sub(ktime_get(), 1); 1056 watchdog_set_open_deadline(wd_data); 1057 1058 /* 1059 * If the watchdog is running, prevent its driver from being unloaded, 1060 * and schedule an immediate ping. 1061 */ 1062 if (watchdog_hw_running(wdd)) { 1063 __module_get(wdd->ops->owner); 1064 get_device(&wd_data->dev); 1065 if (handle_boot_enabled) 1066 hrtimer_start(&wd_data->timer, 0, 1067 HRTIMER_MODE_REL_HARD); 1068 else 1069 pr_info("watchdog%d running and kernel based pre-userspace handler disabled\n", 1070 wdd->id); 1071 } 1072 1073 return 0; 1074 } 1075 1076 /* 1077 * watchdog_cdev_unregister: unregister watchdog character device 1078 * @watchdog: watchdog device 1079 * 1080 * Unregister watchdog character device and if needed the legacy 1081 * /dev/watchdog device. 1082 */ 1083 1084 static void watchdog_cdev_unregister(struct watchdog_device *wdd) 1085 { 1086 struct watchdog_core_data *wd_data = wdd->wd_data; 1087 1088 cdev_device_del(&wd_data->cdev, &wd_data->dev); 1089 if (wdd->id == 0) { 1090 misc_deregister(&watchdog_miscdev); 1091 old_wd_data = NULL; 1092 } 1093 1094 if (watchdog_active(wdd) && 1095 test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) { 1096 watchdog_stop(wdd); 1097 } 1098 1099 watchdog_hrtimer_pretimeout_stop(wdd); 1100 1101 mutex_lock(&wd_data->lock); 1102 wd_data->wdd = NULL; 1103 wdd->wd_data = NULL; 1104 mutex_unlock(&wd_data->lock); 1105 1106 hrtimer_cancel(&wd_data->timer); 1107 kthread_cancel_work_sync(&wd_data->work); 1108 1109 put_device(&wd_data->dev); 1110 } 1111 1112 /* 1113 * watchdog_dev_register: register a watchdog device 1114 * @wdd: watchdog device 1115 * 1116 * Register a watchdog device including handling the legacy 1117 * /dev/watchdog node. /dev/watchdog is actually a miscdevice and 1118 * thus we set it up like that. 1119 */ 1120 1121 int watchdog_dev_register(struct watchdog_device *wdd) 1122 { 1123 int ret; 1124 1125 ret = watchdog_cdev_register(wdd); 1126 if (ret) 1127 return ret; 1128 1129 ret = watchdog_register_pretimeout(wdd); 1130 if (ret) 1131 watchdog_cdev_unregister(wdd); 1132 1133 return ret; 1134 } 1135 1136 /* 1137 * watchdog_dev_unregister: unregister a watchdog device 1138 * @watchdog: watchdog device 1139 * 1140 * Unregister watchdog device and if needed the legacy 1141 * /dev/watchdog device. 1142 */ 1143 1144 void watchdog_dev_unregister(struct watchdog_device *wdd) 1145 { 1146 watchdog_unregister_pretimeout(wdd); 1147 watchdog_cdev_unregister(wdd); 1148 } 1149 1150 /* 1151 * watchdog_set_last_hw_keepalive: set last HW keepalive time for watchdog 1152 * @wdd: watchdog device 1153 * @last_ping_ms: time since last HW heartbeat 1154 * 1155 * Adjusts the last known HW keepalive time for a watchdog timer. 1156 * This is needed if the watchdog is already running when the probe 1157 * function is called, and it can't be pinged immediately. This 1158 * function must be called immediately after watchdog registration, 1159 * and min_hw_heartbeat_ms must be set for this to be useful. 1160 */ 1161 int watchdog_set_last_hw_keepalive(struct watchdog_device *wdd, 1162 unsigned int last_ping_ms) 1163 { 1164 struct watchdog_core_data *wd_data; 1165 ktime_t now; 1166 1167 if (!wdd) 1168 return -EINVAL; 1169 1170 wd_data = wdd->wd_data; 1171 1172 now = ktime_get(); 1173 1174 wd_data->last_hw_keepalive = ktime_sub(now, ms_to_ktime(last_ping_ms)); 1175 1176 if (watchdog_hw_running(wdd) && handle_boot_enabled) 1177 return __watchdog_ping(wdd); 1178 1179 return 0; 1180 } 1181 EXPORT_SYMBOL_GPL(watchdog_set_last_hw_keepalive); 1182 1183 /* 1184 * watchdog_dev_init: init dev part of watchdog core 1185 * 1186 * Allocate a range of chardev nodes to use for watchdog devices 1187 */ 1188 1189 int __init watchdog_dev_init(void) 1190 { 1191 int err; 1192 1193 watchdog_kworker = kthread_create_worker(0, "watchdogd"); 1194 if (IS_ERR(watchdog_kworker)) { 1195 pr_err("Failed to create watchdog kworker\n"); 1196 return PTR_ERR(watchdog_kworker); 1197 } 1198 sched_set_fifo(watchdog_kworker->task); 1199 1200 err = class_register(&watchdog_class); 1201 if (err < 0) { 1202 pr_err("couldn't register class\n"); 1203 goto err_register; 1204 } 1205 1206 err = alloc_chrdev_region(&watchdog_devt, 0, MAX_DOGS, "watchdog"); 1207 if (err < 0) { 1208 pr_err("watchdog: unable to allocate char dev region\n"); 1209 goto err_alloc; 1210 } 1211 1212 return 0; 1213 1214 err_alloc: 1215 class_unregister(&watchdog_class); 1216 err_register: 1217 kthread_destroy_worker(watchdog_kworker); 1218 return err; 1219 } 1220 1221 /* 1222 * watchdog_dev_exit: exit dev part of watchdog core 1223 * 1224 * Release the range of chardev nodes used for watchdog devices 1225 */ 1226 1227 void __exit watchdog_dev_exit(void) 1228 { 1229 unregister_chrdev_region(watchdog_devt, MAX_DOGS); 1230 class_unregister(&watchdog_class); 1231 kthread_destroy_worker(watchdog_kworker); 1232 } 1233 1234 int watchdog_dev_suspend(struct watchdog_device *wdd) 1235 { 1236 struct watchdog_core_data *wd_data = wdd->wd_data; 1237 int ret = 0; 1238 1239 if (!wdd->wd_data) 1240 return -ENODEV; 1241 1242 /* ping for the last time before suspend */ 1243 mutex_lock(&wd_data->lock); 1244 if (watchdog_worker_should_ping(wd_data)) 1245 ret = __watchdog_ping(wd_data->wdd); 1246 mutex_unlock(&wd_data->lock); 1247 1248 if (ret) 1249 return ret; 1250 1251 /* 1252 * make sure that watchdog worker will not kick in when the wdog is 1253 * suspended 1254 */ 1255 hrtimer_cancel(&wd_data->timer); 1256 kthread_cancel_work_sync(&wd_data->work); 1257 1258 return 0; 1259 } 1260 1261 int watchdog_dev_resume(struct watchdog_device *wdd) 1262 { 1263 struct watchdog_core_data *wd_data = wdd->wd_data; 1264 int ret = 0; 1265 1266 if (!wdd->wd_data) 1267 return -ENODEV; 1268 1269 /* 1270 * __watchdog_ping will also retrigger hrtimer and therefore restore the 1271 * ping worker if needed. 1272 */ 1273 mutex_lock(&wd_data->lock); 1274 if (watchdog_worker_should_ping(wd_data)) 1275 ret = __watchdog_ping(wd_data->wdd); 1276 mutex_unlock(&wd_data->lock); 1277 1278 return ret; 1279 } 1280 1281 module_param(handle_boot_enabled, bool, 0444); 1282 MODULE_PARM_DESC(handle_boot_enabled, 1283 "Watchdog core auto-updates boot enabled watchdogs before userspace takes over (default=" 1284 __MODULE_STRING(IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED)) ")"); 1285 1286 module_param(open_timeout, uint, 0644); 1287 MODULE_PARM_DESC(open_timeout, 1288 "Maximum time (in seconds, 0 means infinity) for userspace to take over a running watchdog (default=" 1289 __MODULE_STRING(CONFIG_WATCHDOG_OPEN_TIMEOUT) ")"); 1290