From: Ian Lepore
Date: Wed, 19 Aug 2015 21:46:13 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r286947 - head/usr.sbin/watchdogd

Author: ian
Date: Wed Aug 19 21:46:12 2015
New Revision: 286947
URL: https://svnweb.freebsd.org/changeset/base/286947

Log:
  Add a new exit-timeout option to watchdogd.

  Watchdogd currently disables the watchdog when it exits, such as during
  rc.shutdown processing. That leaves the system vulnerable to getting hung
  or deadlocked during the shutdown part of a reboot. For embedded systems
  it's especially important that the hardware watchdog always be active. It
  can also be useful for servers that are administered remotely.

  The new -x option tells watchdogd to program the watchdog with the given
  timeout just before exiting. The -x value can be longer or shorter than
  the -t normal time value, to allow for various exceptional conditions at
  shutdown such as allowing extra time for buffer flushing.

  The exit value is also used internally in the "failsafe" handling (which
  used to just disable the watchdog), on the theory that if you're using
  this option, "safe" means having the watchdog always running, not disabled.

  The default is still to disable the watchdog on exit if -x is not specified.

Differential Revision: https://reviews.freebsd.org/D2556 (timed out) Modified: head/usr.sbin/watchdogd/watchdogd.8 head/usr.sbin/watchdogd/watchdogd.c Modified: head/usr.sbin/watchdogd/watchdogd.8 ============================================================================== --- head/usr.sbin/watchdogd/watchdogd.8 Wed Aug 19 21:23:17 2015 (r286946) +++ head/usr.sbin/watchdogd/watchdogd.8 Wed Aug 19 21:46:12 2015 (r286947) @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 16, 2014 +.Dd May 11, 2015 .Dt WATCHDOGD 8 .Os .Sh NAME @@ -46,6 +46,7 @@ .Op Fl s Ar sleep .Op Fl t Ar timeout .Op Fl T Ar script_timeout +.Op Fl x Ar exit_timeout .Sh DESCRIPTION The .Nm @@ -103,14 +104,25 @@ defaults to the value specified by the .Fl s Ar sleep option. .Pp +The +.Fl x Ar exit_timeout +argument is the timeout period (in seconds) to leave in effect when the +program exits. +Using +.Fl x +with a non-zero value protects against lockup during a reboot by +triggering a hardware reset if the software reboot doesn't complete +before the given timeout expires. +.Pp Upon receiving the .Dv SIGTERM or .Dv SIGINT signals, .Nm -will first instruct the kernel to no longer perform watchdog checks and then -will terminate. +will terminate, after first instructing the kernel to either disable the +timeout or reset it to the value given by +.Fl x Ar exit_timeout . .Pp The .Nm Modified: head/usr.sbin/watchdogd/watchdogd.c ============================================================================== --- head/usr.sbin/watchdogd/watchdogd.c Wed Aug 19 21:23:17 2015 (r286946) +++ head/usr.sbin/watchdogd/watchdogd.c Wed Aug 19 21:46:12 2015 (r286947) @@ -77,6 +77,7 @@ static int debugging = 0; static int end_program = 0; static const char *pidfile = _PATH_VARRUN "watchdogd.pid"; static u_int timeout = WD_TO_128SEC; +static u_int exit_timeout = WD_TO_NEVER; static u_int pretimeout = 0; static u_int timeout_sec; static u_int passive = 0; 
@@ -461,10 +462,10 @@ watchdog_onoff(int onoff) /* pat one more time for good measure */ return watchdog_patpat((timeout|WD_ACTIVE)); } else { - return watchdog_patpat(0); + return watchdog_patpat(exit_timeout); } failsafe: - watchdog_patpat(0); + watchdog_patpat(exit_timeout); return (error); } @@ -476,8 +477,8 @@ usage(void) { if (is_daemon) fprintf(stderr, "usage:\n" -" watchdogd [-dnSw] [-e cmd] [-I file] [-s sleep] [-t timeout]\n" -" [-T script_timeout]\n" +" watchdogd [-dnSw] [-e cmd] [-I pidfile] [-s sleep] [-t timeout]\n" +" [-T script_timeout] [-x exit_timeout]\n" " [--debug]\n" " [--pretimeout seconds] [-pretimeout-action action]\n" " [--softtimeout] [-softtimeout-action action]\n" @@ -697,7 +698,7 @@ parseargs(int argc, char *argv[]) is_daemon = 1; if (is_daemon) - getopt_shortopts = "I:de:ns:t:ST:w?"; + getopt_shortopts = "I:de:ns:t:ST:wx:?"; else getopt_shortopts = "dt:?"; @@ -741,6 +742,11 @@ parseargs(int argc, char *argv[]) case 'w': do_timedog = 1; break; + case 'x': + exit_timeout = parse_timeout_to_pow2ns(c, NULL, optarg); + if (exit_timeout != 0) + exit_timeout |= WD_ACTIVE; + break; case 0: lopt = longopts[longindex].name; if (!strcmp(lopt, "pretimeout")) {
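
Review bot: In the first watchdogd.8 hunk, the new `.Dd May 11, 2015` is three months older than the commit date in the header (Wed Aug 19 2015). Set `.Dd` to the date the manual text actually changes in the tree, so the page date tells a reader whether their copy documents `-x`.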
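
Review bot: The new `-x` paragraph in watchdogd.8 (hunk at -103,14) does not say what happens when `-x` is omitted or given as 0, and the rewritten SIGTERM/SIGINT paragraph says "either disable the timeout or reset it" without saying which case applies. State that the watchdog is disabled on exit unless a non-zero `-x` is given. Also note that with a non-zero `-x` any termination by SIGTERM or SIGINT, not only a reboot, leaves the timer running with nothing patting it, so the machine resets unless the daemon is started again within exit_timeout.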
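
Review bot: In watchdog_onoff() (hunk at -461,10), the `failsafe:` path now calls `watchdog_patpat(exit_timeout)` after an error, so with `-x` set an error in this function leaves the timer armed with nothing patting it, and the return value of that call is still ignored. Add a comment at the label saying this is intentional, and log a warning there so an operator can tell afterwards why the machine reset. The `else` branch has the same change of meaning: the "off" call may no longer turn the watchdog off, which deserves a comment above the function since its name no longer says so.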
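
Review bot: In the `case 'x':` block of parseargs() (hunk at -741,6), the test `exit_timeout != 0` uses a literal, while the variable is initialised to `WD_TO_NEVER` and is passed where `watchdog_patpat(0)` used to be. The "default is still to disable" behaviour therefore holds only if WD_TO_NEVER equals 0 and parse_timeout_to_pow2ns() returns 0 for `-x 0`, and neither is visible in this diff. Compare against `WD_TO_NEVER` rather than 0, and add a one-line comment that WD_ACTIVE is set only for a real timeout.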