1 // SPDX-License-Identifier: GPL-2.0+
2 /*
3  *	watchdog_dev.c
4  *
5  *	(c) Copyright 2008-2011 Alan Cox <alan@lxorguk.ukuu.org.uk>,
6  *						All Rights Reserved.
7  *
8  *	(c) Copyright 2008-2011 Wim Van Sebroeck <wim@iguana.be>.
9  *
10  *
11  *	This source code is part of the generic code that can be used
12  *	by all the watchdog timer drivers.
13  *
14  *	This part of the generic code takes care of the following
15  *	misc device: /dev/watchdog.
16  *
17  *	Based on source code of the following authors:
18  *	  Matt Domsch <Matt_Domsch@dell.com>,
19  *	  Rob Radez <rob@osinvestor.com>,
20  *	  Rusty Lynch <rusty@linux.co.intel.com>
21  *	  Satyam Sharma <satyam@infradead.org>
22  *	  Randy Dunlap <randy.dunlap@oracle.com>
23  *
24  *	Neither Alan Cox, CymruNet Ltd., Wim Van Sebroeck nor Iguana vzw.
25  *	admit liability nor provide warranty for any of this software.
26  *	This material is provided "AS-IS" and at no charge.
27  */
28 
29 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
30 
31 #include <linux/cdev.h>		/* For character device */
32 #include <linux/errno.h>	/* For the -ENODEV/... values */
33 #include <linux/fs.h>		/* For file operations */
34 #include <linux/init.h>		/* For __init/__exit/... */
35 #include <linux/hrtimer.h>	/* For hrtimers */
36 #include <linux/kernel.h>	/* For printk/panic/... */
37 #include <linux/kref.h>		/* For data references */
38 #include <linux/kthread.h>	/* For kthread_work */
39 #include <linux/miscdevice.h>	/* For handling misc devices */
40 #include <linux/module.h>	/* For module stuff/... */
41 #include <linux/mutex.h>	/* For mutexes */
42 #include <linux/reboot.h>	/* For reboot notifier */
43 #include <linux/slab.h>		/* For memory functions */
44 #include <linux/types.h>	/* For standard types (like size_t) */
45 #include <linux/watchdog.h>	/* For watchdog specific items */
46 #include <linux/uaccess.h>	/* For copy_to_user/put_user/... */
47 
48 #include <uapi/linux/sched/types.h>	/* For struct sched_param */
49 
50 #include "watchdog_core.h"
51 #include "watchdog_pretimeout.h"
52 
53 /*
54  * struct watchdog_core_data - watchdog core internal data
55  * @kref:	Reference count.
56  * @cdev:	The watchdog's Character device.
57  * @wdd:	Pointer to watchdog device.
58  * @lock:	Lock for watchdog core.
59  * @status:	Watchdog core internal status bits.
60  */
61 struct watchdog_core_data {
62 	struct kref kref;
63 	struct cdev cdev;
64 	struct watchdog_device *wdd;
65 	struct mutex lock;
66 	ktime_t last_keepalive;
67 	ktime_t last_hw_keepalive;
68 	ktime_t open_deadline;
69 	struct hrtimer timer;
70 	struct kthread_work work;
71 	unsigned long status;		/* Internal status bits */
72 #define _WDOG_DEV_OPEN		0	/* Opened ? */
73 #define _WDOG_ALLOW_RELEASE	1	/* Did we receive the magic char ? */
74 #define _WDOG_KEEPALIVE		2	/* Did we receive a keepalive ? */
75 };
76 
77 /* the dev_t structure to store the dynamically allocated watchdog devices */
78 static dev_t watchdog_devt;
79 /* Reference to watchdog device behind /dev/watchdog */
80 static struct watchdog_core_data *old_wd_data;
81 
82 static struct kthread_worker *watchdog_kworker;
83 
84 static bool handle_boot_enabled =
85 	IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED);
86 
87 static unsigned open_timeout = CONFIG_WATCHDOG_OPEN_TIMEOUT;
88 
watchdog_past_open_deadline(struct watchdog_core_data * data)89 static bool watchdog_past_open_deadline(struct watchdog_core_data *data)
90 {
91 	return ktime_after(ktime_get(), data->open_deadline);
92 }
93 
watchdog_set_open_deadline(struct watchdog_core_data * data)94 static void watchdog_set_open_deadline(struct watchdog_core_data *data)
95 {
96 	data->open_deadline = open_timeout ?
97 		ktime_get() + ktime_set(open_timeout, 0) : KTIME_MAX;
98 }
99 
watchdog_need_worker(struct watchdog_device * wdd)100 static inline bool watchdog_need_worker(struct watchdog_device *wdd)
101 {
102 	/* All variables in milli-seconds */
103 	unsigned int hm = wdd->max_hw_heartbeat_ms;
104 	unsigned int t = wdd->timeout * 1000;
105 
106 	/*
107 	 * A worker to generate heartbeat requests is needed if all of the
108 	 * following conditions are true.
109 	 * - Userspace activated the watchdog.
110 	 * - The driver provided a value for the maximum hardware timeout, and
111 	 *   thus is aware that the framework supports generating heartbeat
112 	 *   requests.
113 	 * - Userspace requests a longer timeout than the hardware can handle.
114 	 *
115 	 * Alternatively, if userspace has not opened the watchdog
116 	 * device, we take care of feeding the watchdog if it is
117 	 * running.
118 	 */
119 	return (hm && watchdog_active(wdd) && t > hm) ||
120 		(t && !watchdog_active(wdd) && watchdog_hw_running(wdd));
121 }
122 
watchdog_next_keepalive(struct watchdog_device * wdd)123 static ktime_t watchdog_next_keepalive(struct watchdog_device *wdd)
124 {
125 	struct watchdog_core_data *wd_data = wdd->wd_data;
126 	unsigned int timeout_ms = wdd->timeout * 1000;
127 	ktime_t keepalive_interval;
128 	ktime_t last_heartbeat, latest_heartbeat;
129 	ktime_t virt_timeout;
130 	unsigned int hw_heartbeat_ms;
131 
132 	if (watchdog_active(wdd))
133 		virt_timeout = ktime_add(wd_data->last_keepalive,
134 					 ms_to_ktime(timeout_ms));
135 	else
136 		virt_timeout = wd_data->open_deadline;
137 
138 	hw_heartbeat_ms = min_not_zero(timeout_ms, wdd->max_hw_heartbeat_ms);
139 	keepalive_interval = ms_to_ktime(hw_heartbeat_ms / 2);
140 
141 	/*
142 	 * To ensure that the watchdog times out wdd->timeout seconds
143 	 * after the most recent ping from userspace, the last
144 	 * worker ping has to come in hw_heartbeat_ms before this timeout.
145 	 */
146 	last_heartbeat = ktime_sub(virt_timeout, ms_to_ktime(hw_heartbeat_ms));
147 	latest_heartbeat = ktime_sub(last_heartbeat, ktime_get());
148 	if (ktime_before(latest_heartbeat, keepalive_interval))
149 		return latest_heartbeat;
150 	return keepalive_interval;
151 }
152 
watchdog_update_worker(struct watchdog_device * wdd)153 static inline void watchdog_update_worker(struct watchdog_device *wdd)
154 {
155 	struct watchdog_core_data *wd_data = wdd->wd_data;
156 
157 	if (watchdog_need_worker(wdd)) {
158 		ktime_t t = watchdog_next_keepalive(wdd);
159 
160 		if (t > 0)
161 			hrtimer_start(&wd_data->timer, t, HRTIMER_MODE_REL);
162 	} else {
163 		hrtimer_cancel(&wd_data->timer);
164 	}
165 }
166 
__watchdog_ping(struct watchdog_device * wdd)167 static int __watchdog_ping(struct watchdog_device *wdd)
168 {
169 	struct watchdog_core_data *wd_data = wdd->wd_data;
170 	ktime_t earliest_keepalive, now;
171 	int err;
172 
173 	earliest_keepalive = ktime_add(wd_data->last_hw_keepalive,
174 				       ms_to_ktime(wdd->min_hw_heartbeat_ms));
175 	now = ktime_get();
176 
177 	if (ktime_after(earliest_keepalive, now)) {
178 		hrtimer_start(&wd_data->timer,
179 			      ktime_sub(earliest_keepalive, now),
180 			      HRTIMER_MODE_REL);
181 		return 0;
182 	}
183 
184 	wd_data->last_hw_keepalive = now;
185 
186 	if (wdd->ops->ping)
187 		err = wdd->ops->ping(wdd);  /* ping the watchdog */
188 	else
189 		err = wdd->ops->start(wdd); /* restart watchdog */
190 
191 	watchdog_update_worker(wdd);
192 
193 	return err;
194 }
195 
196 /*
197  *	watchdog_ping: ping the watchdog.
198  *	@wdd: the watchdog device to ping
199  *
200  *	The caller must hold wd_data->lock.
201  *
202  *	If the watchdog has no own ping operation then it needs to be
203  *	restarted via the start operation. This wrapper function does
204  *	exactly that.
205  *	We only ping when the watchdog device is running.
206  */
207 
watchdog_ping(struct watchdog_device * wdd)208 static int watchdog_ping(struct watchdog_device *wdd)
209 {
210 	struct watchdog_core_data *wd_data = wdd->wd_data;
211 
212 	if (!watchdog_active(wdd) && !watchdog_hw_running(wdd))
213 		return 0;
214 
215 	set_bit(_WDOG_KEEPALIVE, &wd_data->status);
216 
217 	wd_data->last_keepalive = ktime_get();
218 	return __watchdog_ping(wdd);
219 }
220 
watchdog_worker_should_ping(struct watchdog_core_data * wd_data)221 static bool watchdog_worker_should_ping(struct watchdog_core_data *wd_data)
222 {
223 	struct watchdog_device *wdd = wd_data->wdd;
224 
225 	if (!wdd)
226 		return false;
227 
228 	if (watchdog_active(wdd))
229 		return true;
230 
231 	return watchdog_hw_running(wdd) && !watchdog_past_open_deadline(wd_data);
232 }
233 
watchdog_ping_work(struct kthread_work * work)234 static void watchdog_ping_work(struct kthread_work *work)
235 {
236 	struct watchdog_core_data *wd_data;
237 
238 	wd_data = container_of(work, struct watchdog_core_data, work);
239 
240 	mutex_lock(&wd_data->lock);
241 	if (watchdog_worker_should_ping(wd_data))
242 		__watchdog_ping(wd_data->wdd);
243 	mutex_unlock(&wd_data->lock);
244 }
245 
watchdog_timer_expired(struct hrtimer * timer)246 static enum hrtimer_restart watchdog_timer_expired(struct hrtimer *timer)
247 {
248 	struct watchdog_core_data *wd_data;
249 
250 	wd_data = container_of(timer, struct watchdog_core_data, timer);
251 
252 	kthread_queue_work(watchdog_kworker, &wd_data->work);
253 	return HRTIMER_NORESTART;
254 }
255 
256 /*
257  *	watchdog_start: wrapper to start the watchdog.
258  *	@wdd: the watchdog device to start
259  *
260  *	The caller must hold wd_data->lock.
261  *
262  *	Start the watchdog if it is not active and mark it active.
263  *	This function returns zero on success or a negative errno code for
264  *	failure.
265  */
266 
watchdog_start(struct watchdog_device * wdd)267 static int watchdog_start(struct watchdog_device *wdd)
268 {
269 	struct watchdog_core_data *wd_data = wdd->wd_data;
270 	ktime_t started_at;
271 	int err;
272 
273 	if (watchdog_active(wdd))
274 		return 0;
275 
276 	set_bit(_WDOG_KEEPALIVE, &wd_data->status);
277 
278 	started_at = ktime_get();
279 	if (watchdog_hw_running(wdd) && wdd->ops->ping)
280 		err = wdd->ops->ping(wdd);
281 	else
282 		err = wdd->ops->start(wdd);
283 	if (err == 0) {
284 		set_bit(WDOG_ACTIVE, &wdd->status);
285 		wd_data->last_keepalive = started_at;
286 		watchdog_update_worker(wdd);
287 	}
288 
289 	return err;
290 }
291 
292 /*
293  *	watchdog_stop: wrapper to stop the watchdog.
294  *	@wdd: the watchdog device to stop
295  *
296  *	The caller must hold wd_data->lock.
297  *
298  *	Stop the watchdog if it is still active and unmark it active.
299  *	This function returns zero on success or a negative errno code for
300  *	failure.
301  *	If the 'nowayout' feature was set, the watchdog cannot be stopped.
302  */
303 
watchdog_stop(struct watchdog_device * wdd)304 static int watchdog_stop(struct watchdog_device *wdd)
305 {
306 	int err = 0;
307 
308 	if (!watchdog_active(wdd))
309 		return 0;
310 
311 	if (test_bit(WDOG_NO_WAY_OUT, &wdd->status)) {
312 		pr_info("watchdog%d: nowayout prevents watchdog being stopped!\n",
313 			wdd->id);
314 		return -EBUSY;
315 	}
316 
317 	if (wdd->ops->stop) {
318 		clear_bit(WDOG_HW_RUNNING, &wdd->status);
319 		err = wdd->ops->stop(wdd);
320 	} else {
321 		set_bit(WDOG_HW_RUNNING, &wdd->status);
322 	}
323 
324 	if (err == 0) {
325 		clear_bit(WDOG_ACTIVE, &wdd->status);
326 		watchdog_update_worker(wdd);
327 	}
328 
329 	return err;
330 }
331 
332 /*
333  *	watchdog_get_status: wrapper to get the watchdog status
334  *	@wdd: the watchdog device to get the status from
335  *
336  *	The caller must hold wd_data->lock.
337  *
338  *	Get the watchdog's status flags.
339  */
340 
watchdog_get_status(struct watchdog_device * wdd)341 static unsigned int watchdog_get_status(struct watchdog_device *wdd)
342 {
343 	struct watchdog_core_data *wd_data = wdd->wd_data;
344 	unsigned int status;
345 
346 	if (wdd->ops->status)
347 		status = wdd->ops->status(wdd);
348 	else
349 		status = wdd->bootstatus & (WDIOF_CARDRESET |
350 					    WDIOF_OVERHEAT |
351 					    WDIOF_FANFAULT |
352 					    WDIOF_EXTERN1 |
353 					    WDIOF_EXTERN2 |
354 					    WDIOF_POWERUNDER |
355 					    WDIOF_POWEROVER);
356 
357 	if (test_bit(_WDOG_ALLOW_RELEASE, &wd_data->status))
358 		status |= WDIOF_MAGICCLOSE;
359 
360 	if (test_and_clear_bit(_WDOG_KEEPALIVE, &wd_data->status))
361 		status |= WDIOF_KEEPALIVEPING;
362 
363 	return status;
364 }
365 
366 /*
367  *	watchdog_set_timeout: set the watchdog timer timeout
368  *	@wdd: the watchdog device to set the timeout for
369  *	@timeout: timeout to set in seconds
370  *
371  *	The caller must hold wd_data->lock.
372  */
373 
watchdog_set_timeout(struct watchdog_device * wdd,unsigned int timeout)374 static int watchdog_set_timeout(struct watchdog_device *wdd,
375 							unsigned int timeout)
376 {
377 	int err = 0;
378 
379 	if (!(wdd->info->options & WDIOF_SETTIMEOUT))
380 		return -EOPNOTSUPP;
381 
382 	if (watchdog_timeout_invalid(wdd, timeout))
383 		return -EINVAL;
384 
385 	if (wdd->ops->set_timeout) {
386 		err = wdd->ops->set_timeout(wdd, timeout);
387 	} else {
388 		wdd->timeout = timeout;
389 		/* Disable pretimeout if it doesn't fit the new timeout */
390 		if (wdd->pretimeout >= wdd->timeout)
391 			wdd->pretimeout = 0;
392 	}
393 
394 	watchdog_update_worker(wdd);
395 
396 	return err;
397 }
398 
399 /*
400  *	watchdog_set_pretimeout: set the watchdog timer pretimeout
401  *	@wdd: the watchdog device to set the timeout for
402  *	@timeout: pretimeout to set in seconds
403  */
404 
watchdog_set_pretimeout(struct watchdog_device * wdd,unsigned int timeout)405 static int watchdog_set_pretimeout(struct watchdog_device *wdd,
406 				   unsigned int timeout)
407 {
408 	int err = 0;
409 
410 	if (!(wdd->info->options & WDIOF_PRETIMEOUT))
411 		return -EOPNOTSUPP;
412 
413 	if (watchdog_pretimeout_invalid(wdd, timeout))
414 		return -EINVAL;
415 
416 	if (wdd->ops->set_pretimeout)
417 		err = wdd->ops->set_pretimeout(wdd, timeout);
418 	else
419 		wdd->pretimeout = timeout;
420 
421 	return err;
422 }
423 
424 /*
425  *	watchdog_get_timeleft: wrapper to get the time left before a reboot
426  *	@wdd: the watchdog device to get the remaining time from
427  *	@timeleft: the time that's left
428  *
429  *	The caller must hold wd_data->lock.
430  *
431  *	Get the time before a watchdog will reboot (if not pinged).
432  */
433 
watchdog_get_timeleft(struct watchdog_device * wdd,unsigned int * timeleft)434 static int watchdog_get_timeleft(struct watchdog_device *wdd,
435 							unsigned int *timeleft)
436 {
437 	*timeleft = 0;
438 
439 	if (!wdd->ops->get_timeleft)
440 		return -EOPNOTSUPP;
441 
442 	*timeleft = wdd->ops->get_timeleft(wdd);
443 
444 	return 0;
445 }
446 
447 #ifdef CONFIG_WATCHDOG_SYSFS
nowayout_show(struct device * dev,struct device_attribute * attr,char * buf)448 static ssize_t nowayout_show(struct device *dev, struct device_attribute *attr,
449 				char *buf)
450 {
451 	struct watchdog_device *wdd = dev_get_drvdata(dev);
452 
453 	return sprintf(buf, "%d\n", !!test_bit(WDOG_NO_WAY_OUT, &wdd->status));
454 }
455 static DEVICE_ATTR_RO(nowayout);
456 
status_show(struct device * dev,struct device_attribute * attr,char * buf)457 static ssize_t status_show(struct device *dev, struct device_attribute *attr,
458 				char *buf)
459 {
460 	struct watchdog_device *wdd = dev_get_drvdata(dev);
461 	struct watchdog_core_data *wd_data = wdd->wd_data;
462 	unsigned int status;
463 
464 	mutex_lock(&wd_data->lock);
465 	status = watchdog_get_status(wdd);
466 	mutex_unlock(&wd_data->lock);
467 
468 	return sprintf(buf, "0x%x\n", status);
469 }
470 static DEVICE_ATTR_RO(status);
471 
bootstatus_show(struct device * dev,struct device_attribute * attr,char * buf)472 static ssize_t bootstatus_show(struct device *dev,
473 				struct device_attribute *attr, char *buf)
474 {
475 	struct watchdog_device *wdd = dev_get_drvdata(dev);
476 
477 	return sprintf(buf, "%u\n", wdd->bootstatus);
478 }
479 static DEVICE_ATTR_RO(bootstatus);
480 
timeleft_show(struct device * dev,struct device_attribute * attr,char * buf)481 static ssize_t timeleft_show(struct device *dev, struct device_attribute *attr,
482 				char *buf)
483 {
484 	struct watchdog_device *wdd = dev_get_drvdata(dev);
485 	struct watchdog_core_data *wd_data = wdd->wd_data;
486 	ssize_t status;
487 	unsigned int val;
488 
489 	mutex_lock(&wd_data->lock);
490 	status = watchdog_get_timeleft(wdd, &val);
491 	mutex_unlock(&wd_data->lock);
492 	if (!status)
493 		status = sprintf(buf, "%u\n", val);
494 
495 	return status;
496 }
497 static DEVICE_ATTR_RO(timeleft);
498 
timeout_show(struct device * dev,struct device_attribute * attr,char * buf)499 static ssize_t timeout_show(struct device *dev, struct device_attribute *attr,
500 				char *buf)
501 {
502 	struct watchdog_device *wdd = dev_get_drvdata(dev);
503 
504 	return sprintf(buf, "%u\n", wdd->timeout);
505 }
506 static DEVICE_ATTR_RO(timeout);
507 
pretimeout_show(struct device * dev,struct device_attribute * attr,char * buf)508 static ssize_t pretimeout_show(struct device *dev,
509 			       struct device_attribute *attr, char *buf)
510 {
511 	struct watchdog_device *wdd = dev_get_drvdata(dev);
512 
513 	return sprintf(buf, "%u\n", wdd->pretimeout);
514 }
515 static DEVICE_ATTR_RO(pretimeout);
516 
identity_show(struct device * dev,struct device_attribute * attr,char * buf)517 static ssize_t identity_show(struct device *dev, struct device_attribute *attr,
518 				char *buf)
519 {
520 	struct watchdog_device *wdd = dev_get_drvdata(dev);
521 
522 	return sprintf(buf, "%s\n", wdd->info->identity);
523 }
524 static DEVICE_ATTR_RO(identity);
525 
state_show(struct device * dev,struct device_attribute * attr,char * buf)526 static ssize_t state_show(struct device *dev, struct device_attribute *attr,
527 				char *buf)
528 {
529 	struct watchdog_device *wdd = dev_get_drvdata(dev);
530 
531 	if (watchdog_active(wdd))
532 		return sprintf(buf, "active\n");
533 
534 	return sprintf(buf, "inactive\n");
535 }
536 static DEVICE_ATTR_RO(state);
537 
pretimeout_available_governors_show(struct device * dev,struct device_attribute * attr,char * buf)538 static ssize_t pretimeout_available_governors_show(struct device *dev,
539 				   struct device_attribute *attr, char *buf)
540 {
541 	return watchdog_pretimeout_available_governors_get(buf);
542 }
543 static DEVICE_ATTR_RO(pretimeout_available_governors);
544 
pretimeout_governor_show(struct device * dev,struct device_attribute * attr,char * buf)545 static ssize_t pretimeout_governor_show(struct device *dev,
546 					struct device_attribute *attr,
547 					char *buf)
548 {
549 	struct watchdog_device *wdd = dev_get_drvdata(dev);
550 
551 	return watchdog_pretimeout_governor_get(wdd, buf);
552 }
553 
pretimeout_governor_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)554 static ssize_t pretimeout_governor_store(struct device *dev,
555 					 struct device_attribute *attr,
556 					 const char *buf, size_t count)
557 {
558 	struct watchdog_device *wdd = dev_get_drvdata(dev);
559 	int ret = watchdog_pretimeout_governor_set(wdd, buf);
560 
561 	if (!ret)
562 		ret = count;
563 
564 	return ret;
565 }
566 static DEVICE_ATTR_RW(pretimeout_governor);
567 
wdt_is_visible(struct kobject * kobj,struct attribute * attr,int n)568 static umode_t wdt_is_visible(struct kobject *kobj, struct attribute *attr,
569 				int n)
570 {
571 	struct device *dev = container_of(kobj, struct device, kobj);
572 	struct watchdog_device *wdd = dev_get_drvdata(dev);
573 	umode_t mode = attr->mode;
574 
575 	if (attr == &dev_attr_timeleft.attr && !wdd->ops->get_timeleft)
576 		mode = 0;
577 	else if (attr == &dev_attr_pretimeout.attr &&
578 		 !(wdd->info->options & WDIOF_PRETIMEOUT))
579 		mode = 0;
580 	else if ((attr == &dev_attr_pretimeout_governor.attr ||
581 		  attr == &dev_attr_pretimeout_available_governors.attr) &&
582 		 (!(wdd->info->options & WDIOF_PRETIMEOUT) ||
583 		  !IS_ENABLED(CONFIG_WATCHDOG_PRETIMEOUT_GOV)))
584 		mode = 0;
585 
586 	return mode;
587 }
588 static struct attribute *wdt_attrs[] = {
589 	&dev_attr_state.attr,
590 	&dev_attr_identity.attr,
591 	&dev_attr_timeout.attr,
592 	&dev_attr_pretimeout.attr,
593 	&dev_attr_timeleft.attr,
594 	&dev_attr_bootstatus.attr,
595 	&dev_attr_status.attr,
596 	&dev_attr_nowayout.attr,
597 	&dev_attr_pretimeout_governor.attr,
598 	&dev_attr_pretimeout_available_governors.attr,
599 	NULL,
600 };
601 
602 static const struct attribute_group wdt_group = {
603 	.attrs = wdt_attrs,
604 	.is_visible = wdt_is_visible,
605 };
606 __ATTRIBUTE_GROUPS(wdt);
607 #else
608 #define wdt_groups	NULL
609 #endif
610 
611 /*
612  *	watchdog_ioctl_op: call the watchdog drivers ioctl op if defined
613  *	@wdd: the watchdog device to do the ioctl on
614  *	@cmd: watchdog command
615  *	@arg: argument pointer
616  *
617  *	The caller must hold wd_data->lock.
618  */
619 
watchdog_ioctl_op(struct watchdog_device * wdd,unsigned int cmd,unsigned long arg)620 static int watchdog_ioctl_op(struct watchdog_device *wdd, unsigned int cmd,
621 							unsigned long arg)
622 {
623 	if (!wdd->ops->ioctl)
624 		return -ENOIOCTLCMD;
625 
626 	return wdd->ops->ioctl(wdd, cmd, arg);
627 }
628 
629 /*
630  *	watchdog_write: writes to the watchdog.
631  *	@file: file from VFS
632  *	@data: user address of data
633  *	@len: length of data
634  *	@ppos: pointer to the file offset
635  *
636  *	A write to a watchdog device is defined as a keepalive ping.
637  *	Writing the magic 'V' sequence allows the next close to turn
638  *	off the watchdog (if 'nowayout' is not set).
639  */
640 
watchdog_write(struct file * file,const char __user * data,size_t len,loff_t * ppos)641 static ssize_t watchdog_write(struct file *file, const char __user *data,
642 						size_t len, loff_t *ppos)
643 {
644 	struct watchdog_core_data *wd_data = file->private_data;
645 	struct watchdog_device *wdd;
646 	int err;
647 	size_t i;
648 	char c;
649 
650 	if (len == 0)
651 		return 0;
652 
653 	/*
654 	 * Note: just in case someone wrote the magic character
655 	 * five months ago...
656 	 */
657 	clear_bit(_WDOG_ALLOW_RELEASE, &wd_data->status);
658 
659 	/* scan to see whether or not we got the magic character */
660 	for (i = 0; i != len; i++) {
661 		if (get_user(c, data + i))
662 			return -EFAULT;
663 		if (c == 'V')
664 			set_bit(_WDOG_ALLOW_RELEASE, &wd_data->status);
665 	}
666 
667 	/* someone wrote to us, so we send the watchdog a keepalive ping */
668 
669 	err = -ENODEV;
670 	mutex_lock(&wd_data->lock);
671 	wdd = wd_data->wdd;
672 	if (wdd)
673 		err = watchdog_ping(wdd);
674 	mutex_unlock(&wd_data->lock);
675 
676 	if (err < 0)
677 		return err;
678 
679 	return len;
680 }
681 
682 /*
683  *	watchdog_ioctl: handle the different ioctl's for the watchdog device.
684  *	@file: file handle to the device
685  *	@cmd: watchdog command
686  *	@arg: argument pointer
687  *
688  *	The watchdog API defines a common set of functions for all watchdogs
689  *	according to their available features.
690  */
691 
watchdog_ioctl(struct file * file,unsigned int cmd,unsigned long arg)692 static long watchdog_ioctl(struct file *file, unsigned int cmd,
693 							unsigned long arg)
694 {
695 	struct watchdog_core_data *wd_data = file->private_data;
696 	void __user *argp = (void __user *)arg;
697 	struct watchdog_device *wdd;
698 	int __user *p = argp;
699 	unsigned int val;
700 	int err;
701 
702 	mutex_lock(&wd_data->lock);
703 
704 	wdd = wd_data->wdd;
705 	if (!wdd) {
706 		err = -ENODEV;
707 		goto out_ioctl;
708 	}
709 
710 	err = watchdog_ioctl_op(wdd, cmd, arg);
711 	if (err != -ENOIOCTLCMD)
712 		goto out_ioctl;
713 
714 	switch (cmd) {
715 	case WDIOC_GETSUPPORT:
716 		err = copy_to_user(argp, wdd->info,
717 			sizeof(struct watchdog_info)) ? -EFAULT : 0;
718 		break;
719 	case WDIOC_GETSTATUS:
720 		val = watchdog_get_status(wdd);
721 		err = put_user(val, p);
722 		break;
723 	case WDIOC_GETBOOTSTATUS:
724 		err = put_user(wdd->bootstatus, p);
725 		break;
726 	case WDIOC_SETOPTIONS:
727 		if (get_user(val, p)) {
728 			err = -EFAULT;
729 			break;
730 		}
731 		if (val & WDIOS_DISABLECARD) {
732 			err = watchdog_stop(wdd);
733 			if (err < 0)
734 				break;
735 		}
736 		if (val & WDIOS_ENABLECARD)
737 			err = watchdog_start(wdd);
738 		break;
739 	case WDIOC_KEEPALIVE:
740 		if (!(wdd->info->options & WDIOF_KEEPALIVEPING)) {
741 			err = -EOPNOTSUPP;
742 			break;
743 		}
744 		err = watchdog_ping(wdd);
745 		break;
746 	case WDIOC_SETTIMEOUT:
747 		if (get_user(val, p)) {
748 			err = -EFAULT;
749 			break;
750 		}
751 		err = watchdog_set_timeout(wdd, val);
752 		if (err < 0)
753 			break;
754 		/* If the watchdog is active then we send a keepalive ping
755 		 * to make sure that the watchdog keep's running (and if
756 		 * possible that it takes the new timeout) */
757 		err = watchdog_ping(wdd);
758 		if (err < 0)
759 			break;
760 		/* fall through */
761 	case WDIOC_GETTIMEOUT:
762 		/* timeout == 0 means that we don't know the timeout */
763 		if (wdd->timeout == 0) {
764 			err = -EOPNOTSUPP;
765 			break;
766 		}
767 		err = put_user(wdd->timeout, p);
768 		break;
769 	case WDIOC_GETTIMELEFT:
770 		err = watchdog_get_timeleft(wdd, &val);
771 		if (err < 0)
772 			break;
773 		err = put_user(val, p);
774 		break;
775 	case WDIOC_SETPRETIMEOUT:
776 		if (get_user(val, p)) {
777 			err = -EFAULT;
778 			break;
779 		}
780 		err = watchdog_set_pretimeout(wdd, val);
781 		break;
782 	case WDIOC_GETPRETIMEOUT:
783 		err = put_user(wdd->pretimeout, p);
784 		break;
785 	default:
786 		err = -ENOTTY;
787 		break;
788 	}
789 
790 out_ioctl:
791 	mutex_unlock(&wd_data->lock);
792 	return err;
793 }
794 
795 /*
796  *	watchdog_open: open the /dev/watchdog* devices.
797  *	@inode: inode of device
798  *	@file: file handle to device
799  *
800  *	When the /dev/watchdog* device gets opened, we start the watchdog.
801  *	Watch out: the /dev/watchdog device is single open, so we make sure
802  *	it can only be opened once.
803  */
804 
watchdog_open(struct inode * inode,struct file * file)805 static int watchdog_open(struct inode *inode, struct file *file)
806 {
807 	struct watchdog_core_data *wd_data;
808 	struct watchdog_device *wdd;
809 	bool hw_running;
810 	int err;
811 
812 	/* Get the corresponding watchdog device */
813 	if (imajor(inode) == MISC_MAJOR)
814 		wd_data = old_wd_data;
815 	else
816 		wd_data = container_of(inode->i_cdev, struct watchdog_core_data,
817 				       cdev);
818 
819 	/* the watchdog is single open! */
820 	if (test_and_set_bit(_WDOG_DEV_OPEN, &wd_data->status))
821 		return -EBUSY;
822 
823 	wdd = wd_data->wdd;
824 
825 	/*
826 	 * If the /dev/watchdog device is open, we don't want the module
827 	 * to be unloaded.
828 	 */
829 	hw_running = watchdog_hw_running(wdd);
830 	if (!hw_running && !try_module_get(wdd->ops->owner)) {
831 		err = -EBUSY;
832 		goto out_clear;
833 	}
834 
835 	err = watchdog_start(wdd);
836 	if (err < 0)
837 		goto out_mod;
838 
839 	file->private_data = wd_data;
840 
841 	if (!hw_running)
842 		kref_get(&wd_data->kref);
843 
844 	/*
845 	 * open_timeout only applies for the first open from
846 	 * userspace. Set open_deadline to infinity so that the kernel
847 	 * will take care of an always-running hardware watchdog in
848 	 * case the device gets magic-closed or WDIOS_DISABLECARD is
849 	 * applied.
850 	 */
851 	wd_data->open_deadline = KTIME_MAX;
852 
853 	/* dev/watchdog is a virtual (and thus non-seekable) filesystem */
854 	return stream_open(inode, file);
855 
856 out_mod:
857 	module_put(wd_data->wdd->ops->owner);
858 out_clear:
859 	clear_bit(_WDOG_DEV_OPEN, &wd_data->status);
860 	return err;
861 }
862 
watchdog_core_data_release(struct kref * kref)863 static void watchdog_core_data_release(struct kref *kref)
864 {
865 	struct watchdog_core_data *wd_data;
866 
867 	wd_data = container_of(kref, struct watchdog_core_data, kref);
868 
869 	kfree(wd_data);
870 }
871 
872 /*
873  *	watchdog_release: release the watchdog device.
874  *	@inode: inode of device
875  *	@file: file handle to device
876  *
877  *	This is the code for when /dev/watchdog gets closed. We will only
878  *	stop the watchdog when we have received the magic char (and nowayout
879  *	was not set), else the watchdog will keep running.
880  */
881 
watchdog_release(struct inode * inode,struct file * file)882 static int watchdog_release(struct inode *inode, struct file *file)
883 {
884 	struct watchdog_core_data *wd_data = file->private_data;
885 	struct watchdog_device *wdd;
886 	int err = -EBUSY;
887 	bool running;
888 
889 	mutex_lock(&wd_data->lock);
890 
891 	wdd = wd_data->wdd;
892 	if (!wdd)
893 		goto done;
894 
895 	/*
896 	 * We only stop the watchdog if we received the magic character
897 	 * or if WDIOF_MAGICCLOSE is not set. If nowayout was set then
898 	 * watchdog_stop will fail.
899 	 */
900 	if (!test_bit(WDOG_ACTIVE, &wdd->status))
901 		err = 0;
902 	else if (test_and_clear_bit(_WDOG_ALLOW_RELEASE, &wd_data->status) ||
903 		 !(wdd->info->options & WDIOF_MAGICCLOSE))
904 		err = watchdog_stop(wdd);
905 
906 	/* If the watchdog was not stopped, send a keepalive ping */
907 	if (err < 0) {
908 		pr_crit("watchdog%d: watchdog did not stop!\n", wdd->id);
909 		watchdog_ping(wdd);
910 	}
911 
912 	watchdog_update_worker(wdd);
913 
914 	/* make sure that /dev/watchdog can be re-opened */
915 	clear_bit(_WDOG_DEV_OPEN, &wd_data->status);
916 
917 done:
918 	running = wdd && watchdog_hw_running(wdd);
919 	mutex_unlock(&wd_data->lock);
920 	/*
921 	 * Allow the owner module to be unloaded again unless the watchdog
922 	 * is still running. If the watchdog is still running, it can not
923 	 * be stopped, and its driver must not be unloaded.
924 	 */
925 	if (!running) {
926 		module_put(wd_data->cdev.owner);
927 		kref_put(&wd_data->kref, watchdog_core_data_release);
928 	}
929 	return 0;
930 }
931 
932 static const struct file_operations watchdog_fops = {
933 	.owner		= THIS_MODULE,
934 	.write		= watchdog_write,
935 	.unlocked_ioctl	= watchdog_ioctl,
936 	.open		= watchdog_open,
937 	.release	= watchdog_release,
938 };
939 
940 static struct miscdevice watchdog_miscdev = {
941 	.minor		= WATCHDOG_MINOR,
942 	.name		= "watchdog",
943 	.fops		= &watchdog_fops,
944 };
945 
946 /*
947  *	watchdog_cdev_register: register watchdog character device
948  *	@wdd: watchdog device
949  *	@devno: character device number
950  *
951  *	Register a watchdog character device including handling the legacy
952  *	/dev/watchdog node. /dev/watchdog is actually a miscdevice and
953  *	thus we set it up like that.
954  */
955 
watchdog_cdev_register(struct watchdog_device * wdd,dev_t devno)956 static int watchdog_cdev_register(struct watchdog_device *wdd, dev_t devno)
957 {
958 	struct watchdog_core_data *wd_data;
959 	int err;
960 
961 	wd_data = kzalloc(sizeof(struct watchdog_core_data), GFP_KERNEL);
962 	if (!wd_data)
963 		return -ENOMEM;
964 	kref_init(&wd_data->kref);
965 	mutex_init(&wd_data->lock);
966 
967 	wd_data->wdd = wdd;
968 	wdd->wd_data = wd_data;
969 
970 	if (IS_ERR_OR_NULL(watchdog_kworker))
971 		return -ENODEV;
972 
973 	kthread_init_work(&wd_data->work, watchdog_ping_work);
974 	hrtimer_init(&wd_data->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
975 	wd_data->timer.function = watchdog_timer_expired;
976 
977 	if (wdd->id == 0) {
978 		old_wd_data = wd_data;
979 		watchdog_miscdev.parent = wdd->parent;
980 		err = misc_register(&watchdog_miscdev);
981 		if (err != 0) {
982 			pr_err("%s: cannot register miscdev on minor=%d (err=%d).\n",
983 				wdd->info->identity, WATCHDOG_MINOR, err);
984 			if (err == -EBUSY)
985 				pr_err("%s: a legacy watchdog module is probably present.\n",
986 					wdd->info->identity);
987 			old_wd_data = NULL;
988 			kfree(wd_data);
989 			return err;
990 		}
991 	}
992 
993 	/* Fill in the data structures */
994 	cdev_init(&wd_data->cdev, &watchdog_fops);
995 	wd_data->cdev.owner = wdd->ops->owner;
996 
997 	/* Add the device */
998 	err = cdev_add(&wd_data->cdev, devno, 1);
999 	if (err) {
1000 		pr_err("watchdog%d unable to add device %d:%d\n",
1001 			wdd->id,  MAJOR(watchdog_devt), wdd->id);
1002 		if (wdd->id == 0) {
1003 			misc_deregister(&watchdog_miscdev);
1004 			old_wd_data = NULL;
1005 			kref_put(&wd_data->kref, watchdog_core_data_release);
1006 		}
1007 		return err;
1008 	}
1009 
1010 	/* Record time of most recent heartbeat as 'just before now'. */
1011 	wd_data->last_hw_keepalive = ktime_sub(ktime_get(), 1);
1012 	watchdog_set_open_deadline(wd_data);
1013 
1014 	/*
1015 	 * If the watchdog is running, prevent its driver from being unloaded,
1016 	 * and schedule an immediate ping.
1017 	 */
1018 	if (watchdog_hw_running(wdd)) {
1019 		__module_get(wdd->ops->owner);
1020 		kref_get(&wd_data->kref);
1021 		if (handle_boot_enabled)
1022 			hrtimer_start(&wd_data->timer, 0, HRTIMER_MODE_REL);
1023 		else
1024 			pr_info("watchdog%d running and kernel based pre-userspace handler disabled\n",
1025 				wdd->id);
1026 	}
1027 
1028 	return 0;
1029 }
1030 
1031 /*
1032  *	watchdog_cdev_unregister: unregister watchdog character device
1033  *	@watchdog: watchdog device
1034  *
1035  *	Unregister watchdog character device and if needed the legacy
1036  *	/dev/watchdog device.
1037  */
1038 
watchdog_cdev_unregister(struct watchdog_device * wdd)1039 static void watchdog_cdev_unregister(struct watchdog_device *wdd)
1040 {
1041 	struct watchdog_core_data *wd_data = wdd->wd_data;
1042 
1043 	cdev_del(&wd_data->cdev);
1044 	if (wdd->id == 0) {
1045 		misc_deregister(&watchdog_miscdev);
1046 		old_wd_data = NULL;
1047 	}
1048 
1049 	if (watchdog_active(wdd) &&
1050 	    test_bit(WDOG_STOP_ON_UNREGISTER, &wdd->status)) {
1051 		watchdog_stop(wdd);
1052 	}
1053 
1054 	mutex_lock(&wd_data->lock);
1055 	wd_data->wdd = NULL;
1056 	wdd->wd_data = NULL;
1057 	mutex_unlock(&wd_data->lock);
1058 
1059 	hrtimer_cancel(&wd_data->timer);
1060 	kthread_cancel_work_sync(&wd_data->work);
1061 
1062 	kref_put(&wd_data->kref, watchdog_core_data_release);
1063 }
1064 
1065 static struct class watchdog_class = {
1066 	.name =		"watchdog",
1067 	.owner =	THIS_MODULE,
1068 	.dev_groups =	wdt_groups,
1069 };
1070 
watchdog_reboot_notifier(struct notifier_block * nb,unsigned long code,void * data)1071 static int watchdog_reboot_notifier(struct notifier_block *nb,
1072 				    unsigned long code, void *data)
1073 {
1074 	struct watchdog_device *wdd;
1075 
1076 	wdd = container_of(nb, struct watchdog_device, reboot_nb);
1077 	if (code == SYS_DOWN || code == SYS_HALT) {
1078 		if (watchdog_active(wdd)) {
1079 			int ret;
1080 
1081 			ret = wdd->ops->stop(wdd);
1082 			if (ret)
1083 				return NOTIFY_BAD;
1084 		}
1085 	}
1086 
1087 	return NOTIFY_DONE;
1088 }
1089 
1090 /*
1091  *	watchdog_dev_register: register a watchdog device
1092  *	@wdd: watchdog device
1093  *
1094  *	Register a watchdog device including handling the legacy
1095  *	/dev/watchdog node. /dev/watchdog is actually a miscdevice and
1096  *	thus we set it up like that.
1097  */
1098 
watchdog_dev_register(struct watchdog_device * wdd)1099 int watchdog_dev_register(struct watchdog_device *wdd)
1100 {
1101 	struct device *dev;
1102 	dev_t devno;
1103 	int ret;
1104 
1105 	devno = MKDEV(MAJOR(watchdog_devt), wdd->id);
1106 
1107 	ret = watchdog_cdev_register(wdd, devno);
1108 	if (ret)
1109 		return ret;
1110 
1111 	dev = device_create_with_groups(&watchdog_class, wdd->parent,
1112 					devno, wdd, wdd->groups,
1113 					"watchdog%d", wdd->id);
1114 	if (IS_ERR(dev)) {
1115 		watchdog_cdev_unregister(wdd);
1116 		return PTR_ERR(dev);
1117 	}
1118 
1119 	ret = watchdog_register_pretimeout(wdd);
1120 	if (ret) {
1121 		device_destroy(&watchdog_class, devno);
1122 		watchdog_cdev_unregister(wdd);
1123 		return ret;
1124 	}
1125 
1126 	if (test_bit(WDOG_STOP_ON_REBOOT, &wdd->status)) {
1127 		wdd->reboot_nb.notifier_call = watchdog_reboot_notifier;
1128 
1129 		ret = devm_register_reboot_notifier(dev, &wdd->reboot_nb);
1130 		if (ret) {
1131 			pr_err("watchdog%d: Cannot register reboot notifier (%d)\n",
1132 			       wdd->id, ret);
1133 			watchdog_dev_unregister(wdd);
1134 		}
1135 	}
1136 
1137 	return ret;
1138 }
1139 
1140 /*
1141  *	watchdog_dev_unregister: unregister a watchdog device
1142  *	@watchdog: watchdog device
1143  *
1144  *	Unregister watchdog device and if needed the legacy
1145  *	/dev/watchdog device.
1146  */
1147 
watchdog_dev_unregister(struct watchdog_device * wdd)1148 void watchdog_dev_unregister(struct watchdog_device *wdd)
1149 {
1150 	watchdog_unregister_pretimeout(wdd);
1151 	device_destroy(&watchdog_class, wdd->wd_data->cdev.dev);
1152 	watchdog_cdev_unregister(wdd);
1153 }
1154 
1155 /*
1156  *	watchdog_dev_init: init dev part of watchdog core
1157  *
1158  *	Allocate a range of chardev nodes to use for watchdog devices
1159  */
1160 
watchdog_dev_init(void)1161 int __init watchdog_dev_init(void)
1162 {
1163 	int err;
1164 	struct sched_param param = {.sched_priority = MAX_RT_PRIO - 1,};
1165 
1166 	watchdog_kworker = kthread_create_worker(0, "watchdogd");
1167 	if (IS_ERR(watchdog_kworker)) {
1168 		pr_err("Failed to create watchdog kworker\n");
1169 		return PTR_ERR(watchdog_kworker);
1170 	}
1171 	sched_setscheduler(watchdog_kworker->task, SCHED_FIFO, &param);
1172 
1173 	err = class_register(&watchdog_class);
1174 	if (err < 0) {
1175 		pr_err("couldn't register class\n");
1176 		goto err_register;
1177 	}
1178 
1179 	err = alloc_chrdev_region(&watchdog_devt, 0, MAX_DOGS, "watchdog");
1180 	if (err < 0) {
1181 		pr_err("watchdog: unable to allocate char dev region\n");
1182 		goto err_alloc;
1183 	}
1184 
1185 	return 0;
1186 
1187 err_alloc:
1188 	class_unregister(&watchdog_class);
1189 err_register:
1190 	kthread_destroy_worker(watchdog_kworker);
1191 	return err;
1192 }
1193 
1194 /*
1195  *	watchdog_dev_exit: exit dev part of watchdog core
1196  *
1197  *	Release the range of chardev nodes used for watchdog devices
1198  */
1199 
watchdog_dev_exit(void)1200 void __exit watchdog_dev_exit(void)
1201 {
1202 	unregister_chrdev_region(watchdog_devt, MAX_DOGS);
1203 	class_unregister(&watchdog_class);
1204 	kthread_destroy_worker(watchdog_kworker);
1205 }
1206 
1207 module_param(handle_boot_enabled, bool, 0444);
1208 MODULE_PARM_DESC(handle_boot_enabled,
1209 	"Watchdog core auto-updates boot enabled watchdogs before userspace takes over (default="
1210 	__MODULE_STRING(IS_ENABLED(CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED)) ")");
1211 
1212 module_param(open_timeout, uint, 0644);
1213 MODULE_PARM_DESC(open_timeout,
1214 	"Maximum time (in seconds, 0 means infinity) for userspace to take over a running watchdog (default="
1215 	__MODULE_STRING(CONFIG_WATCHDOG_OPEN_TIMEOUT) ")");
1216