From patchwork Wed Jun 5 14:06:41 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Rasmus Villemoes X-Patchwork-Id: 10977067 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E9C8115E6 for ; Wed, 5 Jun 2019 14:07:11 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DB663286B3 for ; Wed, 5 Jun 2019 14:07:11 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CFDC3289D0; Wed, 5 Jun 2019 14:07:11 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2FD98286B3 for ; Wed, 5 Jun 2019 14:07:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728247AbfFEOG6 (ORCPT ); Wed, 5 Jun 2019 10:06:58 -0400 Received: from mail-eopbgr30099.outbound.protection.outlook.com ([40.107.3.99]:52096 "EHLO EUR03-AM5-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727936AbfFEOG6 (ORCPT ); Wed, 5 Jun 2019 10:06:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=prevas.se; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OTWPGD1LFbcAOC7AbRTtdf/BfQ4/vbel62sROWapj1o=; b=TYG30B5+VUqeS1UnxMvoxsIIE5f0b1cmzUhGM9alpGlwRdyivYD5IbP4JAdKL3WyhXmE8cMU2iA6LXkWq3L2hwGZbh/KI97n+ijb5fN0kA21mhJQ7ia4TI4tvDrwyYvMpkq6hNa4P8iKk4h5AmscpBegPkl15z9PjW1Gf6JFEo8= Received: from VI1PR10MB2639.EURPRD10.PROD.OUTLOOK.COM (20.178.126.80) by VI1PR10MB2382.EURPRD10.PROD.OUTLOOK.COM (20.177.62.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1965.12; Wed, 5 Jun 2019 14:06:51 +0000 Received: from VI1PR10MB2639.EURPRD10.PROD.OUTLOOK.COM ([fe80::8844:426d:816b:f5d5]) by VI1PR10MB2639.EURPRD10.PROD.OUTLOOK.COM ([fe80::8844:426d:816b:f5d5%6]) with mapi id 15.20.1965.011; Wed, 5 Jun 2019 14:06:51 +0000 From: Rasmus Villemoes To: "linux-watchdog@vger.kernel.org" , Guenter Roeck , Wim Van Sebroeck , Jonathan Corbet CC: "linux-kernel@vger.kernel.org" , "linux-doc@vger.kernel.org" , Esben Haabendal , Jerry Hoemann , Rasmus Villemoes Subject: [PATCH v10 1/3] watchdog: introduce watchdog.open_timeout commandline parameter Thread-Topic: [PATCH v10 1/3] watchdog: introduce watchdog.open_timeout commandline parameter Thread-Index: AQHVG6fmrk5axvbLdE2WvNl02CTuBA== Date: Wed, 5 Jun 2019 14:06:41 +0000 Message-ID: <20190605140628.618-2-rasmus.villemoes@prevas.dk> References: <20190605140628.618-1-rasmus.villemoes@prevas.dk> In-Reply-To: <20190605140628.618-1-rasmus.villemoes@prevas.dk> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: HE1PR0202CA0034.eurprd02.prod.outlook.com (2603:10a6:3:e4::20) To VI1PR10MB2639.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:803:e1::16) authentication-results: spf=none (sender IP is ) smtp.mailfrom=Rasmus.Villemoes@prevas.se; x-ms-exchange-messagesentrepresentingtype: 1 x-mailer: git-send-email 2.20.1 x-originating-ip: [81.216.59.226] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: bd659fc9-0639-4757-dc31-08d6e9bf08df x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);SRVR:VI1PR10MB2382; x-ms-traffictypediagnostic: VI1PR10MB2382: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 00594E8DBA x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(376002)(366004)(39850400004)(346002)(396003)(136003)(189003)(199004)(43544003)(6436002)(66066001)(76176011)(5660300002)(52116002)(478600001)(107886003)(71200400001)(71190400001)(6486002)(74482002)(3846002)(6116002)(44832011)(72206003)(2501003)(6512007)(54906003)(6666004)(486006)(2906002)(102836004)(73956011)(110136005)(8976002)(6506007)(99286004)(7736002)(386003)(53936002)(64756008)(446003)(316002)(476003)(66946007)(66556008)(81156014)(8676002)(81166006)(66446008)(11346002)(66476007)(4326008)(14454004)(50226002)(25786009)(2616005)(305945005)(26005)(36756003)(68736007)(42882007)(186003)(256004)(8936002)(14444005)(1076003);DIR:OUT;SFP:1102;SCL:1;SRVR:VI1PR10MB2382;H:VI1PR10MB2639.EURPRD10.PROD.OUTLOOK.COM;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; received-spf: None (protection.outlook.com: prevas.se does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: F2+mwUTWk6i5MnfHm5+SIffhHgEjxRvvPwzaBPDG/ifjv0gLUtCpAfsyN8hFbyy/2bw3qkpAKLaOzw3bQHX4iug8Qeo8H0rBsAvFCKpj8mKl5eYDSbPlt5FYXw2htOeKwjrqj4uucbrQM6xrgBnGzjxU818EkZGaFTsS5bCsIV9cTsoFlnZoe99u7qi1Rf/CcR+vvE83GXYp1wQEZ7Ps06/Nc4PeYFiIsDDXGbMq2/kaTLDLHLFLyYzcvUhWQKhZk6lVrp37R7cIqrQsjbQXFsDg6TZemAFl1zoWsqo8G8vOTVwG6+j9M86mpoGRTNzQ6fN074vf1KHnC10yz+0Qt+3JDqZMTJxZXFRyyq0q3lIDqFqJ0jP7WkyvRK1w2yKeAfOaaTwqlcTAeBCWoqOUYEBw2PB+NLH1qXJgg/qq+GA= MIME-Version: 1.0 X-OriginatorOrg: prevas.dk X-MS-Exchange-CrossTenant-Network-Message-Id: bd659fc9-0639-4757-dc31-08d6e9bf08df X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Jun 2019 14:06:41.9376 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d350cf71-778d-4780-88f5-071a4cb1ed61 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Rasmus.Villemoes@prevas.dk X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR10MB2382 Sender: linux-watchdog-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-watchdog@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The watchdog framework takes care of feeding a hardware watchdog until userspace opens /dev/watchdogN. If that never happens for some reason (buggy init script, corrupt root filesystem or whatnot) but the kernel itself is fine, the machine stays up indefinitely. This patch allows setting an upper limit for how long the kernel will take care of the watchdog, thus ensuring that the watchdog will eventually reset the machine. A value of 0 (the default) means infinite timeout, preserving the current behaviour. This is particularly useful for embedded devices where some fallback logic is implemented in the bootloader (e.g., use a different root partition, boot from network, ...). There is already handle_boot_enabled serving a similar purpose. However, such a binary choice is unsuitable if the hardware watchdog cannot be programmed by the bootloader to provide a timeout long enough for userspace to get up and running. Many of the embedded devices we see use external (gpio-triggered) watchdogs with a fixed timeout of the order of 1-2 seconds. The open timeout only applies for the first open from userspace. Should userspace need to close the watchdog device, with the intention of re-opening it shortly, the application can emulate the open timeout feature by combining the nowayout feature with an appropriate WDIOC_SETTIMEOUT immediately prior to closing the device. Signed-off-by: Rasmus Villemoes Reviewed-by: Guenter Roeck --- .../watchdog/watchdog-parameters.txt | 8 +++++ drivers/watchdog/watchdog_dev.c | 36 ++++++++++++++++++- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/Documentation/watchdog/watchdog-parameters.txt b/Documentation/watchdog/watchdog-parameters.txt index 0b88e333f9e1..32d3606caa65 100644 --- a/Documentation/watchdog/watchdog-parameters.txt +++ b/Documentation/watchdog/watchdog-parameters.txt @@ -8,6 +8,14 @@ See Documentation/admin-guide/kernel-parameters.rst for information on providing kernel parameters for builtin drivers versus loadable modules. +The watchdog core parameter watchdog.open_timeout is the maximum time, +in seconds, for which the watchdog framework will take care of pinging +a running hardware watchdog until userspace opens the corresponding +/dev/watchdogN device. A value of 0 (the default) means an infinite +timeout. Setting this to a non-zero value can be useful to ensure that +either userspace comes up properly, or the board gets reset and allows +fallback logic in the bootloader to try something else. + ------------------------------------------------- acquirewdt: diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c index 252a7c7b6592..e4b51db48f0e 100644 --- a/drivers/watchdog/watchdog_dev.c +++ b/drivers/watchdog/watchdog_dev.c @@ -69,6 +69,7 @@ struct watchdog_core_data { struct mutex lock; ktime_t last_keepalive; ktime_t last_hw_keepalive; + ktime_t open_deadline; struct hrtimer timer; struct kthread_work work; unsigned long status; /* Internal status bits */ @@ -87,6 +88,19 @@ static struct kthread_worker *watchdog_kworker; static bool handle_boot_enabled = IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED); +static unsigned open_timeout; + +static bool watchdog_past_open_deadline(struct watchdog_core_data *data) +{ + return ktime_after(ktime_get(), data->open_deadline); +} + +static void watchdog_set_open_deadline(struct watchdog_core_data *data) +{ + data->open_deadline = open_timeout ? + ktime_get() + ktime_set(open_timeout, 0) : KTIME_MAX; +} + static inline bool watchdog_need_worker(struct watchdog_device *wdd) { /* All variables in milli-seconds */ @@ -211,7 +225,13 @@ static bool watchdog_worker_should_ping(struct watchdog_core_data *wd_data) { struct watchdog_device *wdd = wd_data->wdd; - return wdd && (watchdog_active(wdd) || watchdog_hw_running(wdd)); + if (!wdd) + return false; + + if (watchdog_active(wdd)) + return true; + + return watchdog_hw_running(wdd) && !watchdog_past_open_deadline(wd_data); } static void watchdog_ping_work(struct kthread_work *work) @@ -824,6 +844,15 @@ static int watchdog_open(struct inode *inode, struct file *file) if (!hw_running) kref_get(&wd_data->kref); + /* + * open_timeout only applies for the first open from + * userspace. Set open_deadline to infinity so that the kernel + * will take care of an always-running hardware watchdog in + * case the device gets magic-closed or WDIOS_DISABLECARD is + * applied. + */ + wd_data->open_deadline = KTIME_MAX; + /* dev/watchdog is a virtual (and thus non-seekable) filesystem */ return stream_open(inode, file); @@ -983,6 +1012,7 @@ static int watchdog_cdev_register(struct watchdog_device *wdd, dev_t devno) /* Record time of most recent heartbeat as 'just before now'. */ wd_data->last_hw_keepalive = ktime_sub(ktime_get(), 1); + watchdog_set_open_deadline(wd_data); /* * If the watchdog is running, prevent its driver from being unloaded, @@ -1181,3 +1211,7 @@ module_param(handle_boot_enabled, bool, 0444); MODULE_PARM_DESC(handle_boot_enabled, "Watchdog core auto-updates boot enabled watchdogs before userspace takes over (default=" __MODULE_STRING(IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED)) ")"); + +module_param(open_timeout, uint, 0644); +MODULE_PARM_DESC(open_timeout, + "Maximum time (in seconds, 0 means infinity) for userspace to take over a running watchdog (default=0)");