Re: [PATCH v2] watchdog: alim1535: Rewriting of alim1535 to use watchdog subsystem

From: Guenter Roeck
Date: Thu Aug 01 2019 - 22:05:37 EST


On Thu, Aug 01, 2019 at 01:58:34PM -0700, Mark Balantzyan wrote:
> This patch rewrites the alim1535_wdt driver to use the watchdog subsystem. By virtue of this, it also fixes a potential race condition between ali_timeout_bits and ali_settimer().
>
There is no such race condition, as I explained (or tried
to explain) before. Your tool does not take into account
that the device can only be opened exactly once.

Your description exceeds 75 columns.

> Signed-off-by: Mark Balantzyan <mbalant3@xxxxxxxxx>
> ---
> drivers/watchdog/Kconfig | 1 +
> drivers/watchdog/alim1535_wdt.c | 275 +++++---------------------------
> 2 files changed, 37 insertions(+), 239 deletions(-)
>
> diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
> index 9af07fd9..980b0c90 100644
> --- a/drivers/watchdog/Kconfig
> +++ b/drivers/watchdog/Kconfig
> @@ -853,6 +853,7 @@ config ADVANTECH_WDT
>
> config ALIM1535_WDT
> tristate "ALi M1535 PMU Watchdog Timer"
> + select WATCHDOG_CORE
> depends on X86 && PCI
> ---help---
> This is the driver for the hardware watchdog on the ALi M1535 PMU.
> diff --git a/drivers/watchdog/alim1535_wdt.c b/drivers/watchdog/alim1535_wdt.c
> index 60f0c2eb..55648ba8 100644
> --- a/drivers/watchdog/alim1535_wdt.c
> +++ b/drivers/watchdog/alim1535_wdt.c
> @@ -12,26 +12,18 @@
> #include <linux/module.h>
> #include <linux/moduleparam.h>
> #include <linux/types.h>
> -#include <linux/miscdevice.h>
> #include <linux/watchdog.h>
> #include <linux/ioport.h>

Not needed.

> -#include <linux/notifier.h>
> -#include <linux/reboot.h>
> -#include <linux/init.h>
> -#include <linux/fs.h>
> -#include <linux/pci.h>
> #include <linux/uaccess.h>

No longer needed.

> #include <linux/io.h>

Not needed.

> +#include <linux/pci.h>

Why did you move this include file ?

>
> #define WATCHDOG_NAME "ALi_M1535"
> #define WATCHDOG_TIMEOUT 60 /* 60 sec default timeout */
>
> /* internal variables */
> -static unsigned long ali_is_open;
> -static char ali_expect_release;
> static struct pci_dev *ali_pci;
> static u32 ali_timeout_bits; /* stores the computed timeout */
> -static DEFINE_SPINLOCK(ali_lock); /* Guards the hardware */
>
> /* module parameters */
> static int timeout = WATCHDOG_TIMEOUT;

Should be set to 0.

> @@ -53,18 +45,15 @@ MODULE_PARM_DESC(nowayout,
> * configuration set.
> */
>
> -static void ali_start(void)
> +static int ali_start(struct watchdog_device *wdd)
> {
> u32 val;
>
> - spin_lock(&ali_lock);
> -

Side note: Presumably this lock was supposed to guard
accesses to the PCI configuration register by other
drivers, but it never did that. The lock was useless
from the beginning.

> pci_read_config_dword(ali_pci, 0xCC, &val);
> val &= ~0x3F; /* Mask count */
> val |= (1 << 25) | ali_timeout_bits;
> pci_write_config_dword(ali_pci, 0xCC, val);
> -
> - spin_unlock(&ali_lock);
> + return 0;
> }
>
> /*
> @@ -73,18 +62,15 @@ static void ali_start(void)
> * Stop the ALi watchdog countdown
> */
>
> -static void ali_stop(void)
> +static int ali_stop(struct watchdog_device *wdd)
> {
> u32 val;
>
> - spin_lock(&ali_lock);
> -
> pci_read_config_dword(ali_pci, 0xCC, &val);
> val &= ~0x3F; /* Mask count to zero (disabled) */
> val &= ~(1 << 25); /* and for safety mask the reset enable */
> pci_write_config_dword(ali_pci, 0xCC, val);
> -
> - spin_unlock(&ali_lock);
> + return 0;
> }
>
> /*
> @@ -93,32 +79,24 @@ static void ali_stop(void)
> * Send a keepalive to the timer (actually we restart the timer).
> */
>
> -static void ali_keepalive(void)
> +static int ali_keepalive(struct watchdog_device *wdd)
> {
> - ali_start();
> + ali_start(wdd);
> + return 0;
> }

If the keepalive function does nothing but call the start function,
it can be omitted.

>
> /*
> - * ali_settimer - compute the timer reload value
> + * ali_set_timeout - compute the timer reload value
> * @t: time in seconds
> *
> * Computes the timeout values needed
> */
>
> -static int ali_settimer(int t)
> +static int ali_set_timeout(struct watchdog_device *wdd, unsigned int t)
> {
> - if (t < 0)
> - return -EINVAL;
> - else if (t < 60)
> - ali_timeout_bits = t|(1 << 6);
> - else if (t < 3600)
> - ali_timeout_bits = (t / 60)|(1 << 7);
> - else if (t < 18000)
> - ali_timeout_bits = (t / 300)|(1 << 6)|(1 << 7);
> - else
> - return -EINVAL;
> -
> - timeout = t;
> + wdd->max_timeout = 60;
> + wdd->min_timeout = 1;

This is wrong. max_timeout and min_timeout must be set in the
static declaration of struct watchdog_device. Similar,
wdd.timeout should be initialized there with WATCHDOG_TIMEOUT.

Also, a maximum of 60 seconds does not make sense. The (old)
code above clearly accepts timeouts up to 17999 seconds.

Where is ali_timeout_bits now initialized ?

> + wdd->timeout = t;

wdd->timeout needs to be set to the actual timeout. Per
the above (old) code, this is either a multiple of seconds,
minutes, or five minutes, depending on the requested timeout
value. For example, if t=310 is requested, the actual timeout
is set to 300 seconds. wdd->timeout must then be set to 300.

> return 0;
> }
>
> @@ -126,172 +104,6 @@ static int ali_settimer(int t)
> * /dev/watchdog handling
> */
>
> -/*
> - * ali_write - writes to ALi watchdog
> - * @file: file from VFS
> - * @data: user address of data
> - * @len: length of data
> - * @ppos: pointer to the file offset
> - *
> - * Handle a write to the ALi watchdog. Writing to the file pings
> - * the watchdog and resets it. Writing the magic 'V' sequence allows
> - * the next close to turn off the watchdog.
> - */
> -
> -static ssize_t ali_write(struct file *file, const char __user *data,
> - size_t len, loff_t *ppos)
> -{
> - /* See if we got the magic character 'V' and reload the timer */
> - if (len) {
> - if (!nowayout) {
> - size_t i;
> -
> - /* note: just in case someone wrote the
> - magic character five months ago... */
> - ali_expect_release = 0;
> -
> - /* scan to see whether or not we got
> - the magic character */
> - for (i = 0; i != len; i++) {
> - char c;
> - if (get_user(c, data + i))
> - return -EFAULT;
> - if (c == 'V')
> - ali_expect_release = 42;
> - }
> - }
> -
> - /* someone wrote to us, we should reload the timer */
> - ali_start();
> - }
> - return len;
> -}
> -
> -/*
> - * ali_ioctl - handle watchdog ioctls
> - * @file: VFS file pointer
> - * @cmd: ioctl number
> - * @arg: arguments to the ioctl
> - *
> - * Handle the watchdog ioctls supported by the ALi driver. Really
> - * we want an extension to enable irq ack monitoring and the like
> - */
> -
> -static long ali_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
> -{
> - void __user *argp = (void __user *)arg;
> - int __user *p = argp;
> - static const struct watchdog_info ident = {
> - .options = WDIOF_KEEPALIVEPING |
> - WDIOF_SETTIMEOUT |
> - WDIOF_MAGICCLOSE,
> - .firmware_version = 0,
> - .identity = "ALi M1535 WatchDog Timer",
> - };
> -
> - switch (cmd) {
> - case WDIOC_GETSUPPORT:
> - return copy_to_user(argp, &ident, sizeof(ident)) ? -EFAULT : 0;
> -
> - case WDIOC_GETSTATUS:
> - case WDIOC_GETBOOTSTATUS:
> - return put_user(0, p);
> - case WDIOC_SETOPTIONS:
> - {
> - int new_options, retval = -EINVAL;
> -
> - if (get_user(new_options, p))
> - return -EFAULT;
> - if (new_options & WDIOS_DISABLECARD) {
> - ali_stop();
> - retval = 0;
> - }
> - if (new_options & WDIOS_ENABLECARD) {
> - ali_start();
> - retval = 0;
> - }
> - return retval;
> - }
> - case WDIOC_KEEPALIVE:
> - ali_keepalive();
> - return 0;
> - case WDIOC_SETTIMEOUT:
> - {
> - int new_timeout;
> - if (get_user(new_timeout, p))
> - return -EFAULT;
> - if (ali_settimer(new_timeout))
> - return -EINVAL;
> - ali_keepalive();
> - }
> - /* fall through */
> - case WDIOC_GETTIMEOUT:
> - return put_user(timeout, p);
> - default:
> - return -ENOTTY;
> - }
> -}
> -
> -/*
> - * ali_open - handle open of ali watchdog
> - * @inode: inode from VFS
> - * @file: file from VFS
> - *
> - * Open the ALi watchdog device. Ensure only one person opens it
> - * at a time. Also start the watchdog running.
> - */
> -
> -static int ali_open(struct inode *inode, struct file *file)
> -{
> - /* /dev/watchdog can only be opened once */
> - if (test_and_set_bit(0, &ali_is_open))
> - return -EBUSY;
> -
> - /* Activate */
> - ali_start();
> - return nonseekable_open(inode, file);
> -}
> -
> -/*
> - * ali_release - close an ALi watchdog
> - * @inode: inode from VFS
> - * @file: file from VFS
> - *
> - * Close the ALi watchdog device. Actual shutdown of the timer
> - * only occurs if the magic sequence has been set.
> - */
> -
> -static int ali_release(struct inode *inode, struct file *file)
> -{
> - /*
> - * Shut off the timer.
> - */
> - if (ali_expect_release == 42)
> - ali_stop();
> - else {
> - pr_crit("Unexpected close, not stopping watchdog!\n");
> - ali_keepalive();
> - }
> - clear_bit(0, &ali_is_open);
> - ali_expect_release = 0;
> - return 0;
> -}
> -
> -/*
> - * ali_notify_sys - System down notifier
> - *
> - * Notifier for system down
> - */
> -
> -
> -static int ali_notify_sys(struct notifier_block *this,
> - unsigned long code, void *unused)
> -{
> - if (code == SYS_DOWN || code == SYS_HALT)
> - ali_stop(); /* Turn the WDT off */
> - return NOTIFY_DONE;
> -}
> -
> /*
> * Data for PCI driver interface
> *
> @@ -361,23 +173,17 @@ static int __init ali_find_watchdog(void)
> * Kernel Interfaces
> */
>
> -static const struct file_operations ali_fops = {
> - .owner = THIS_MODULE,
> - .llseek = no_llseek,
> - .write = ali_write,
> - .unlocked_ioctl = ali_ioctl,
> - .open = ali_open,
> - .release = ali_release,
> +static struct watchdog_ops alim1535wdt_ops = {
> + .owner = THIS_MODULE,
> + .start = ali_start,
> + .stop = ali_stop,
> + .ping = ali_keepalive,
> + .set_timeout = ali_set_timeout,
> };
>
> -static struct miscdevice ali_miscdev = {
> - .minor = WATCHDOG_MINOR,
> - .name = "watchdog",
> - .fops = &ali_fops,
> -};
> -
> -static struct notifier_block ali_notifier = {
> - .notifier_call = ali_notify_sys,
> +static struct watchdog_device alim1535wdt_wdd = {

Also set:
.info
.timeout
.min_timeout
.max_timeout

> + .ops = &alim1535wdt_ops,
> + .status = WATCHDOG_NOWAYOUT_INIT_STATUS,
> };
>
> /*
> @@ -403,30 +209,25 @@ static int __init watchdog_init(void)
> timeout);
> }
>
> - /* Calculate the watchdog's timeout */
> - ali_settimer(timeout);
> + watchdog_stop_on_reboot(&alim1535wdt_wdd);
> +
> + watchdog_init_timeout(&alim1535wdt_wdd, timeout, NULL);
> +
> + watchdog_set_nowayout(&alim1535wdt_wdd, nowayout);
>
> - ret = register_reboot_notifier(&ali_notifier);
> - if (ret != 0) {
> - pr_err("cannot register reboot notifier (err=%d)\n", ret);
> - goto out;
> - }
> + ret = watchdog_register_device(&alim1535wdt_wdd);
>
> - ret = misc_register(&ali_miscdev);
> if (ret != 0) {
> - pr_err("cannot register miscdev on minor=%d (err=%d)\n",
> - WATCHDOG_MINOR, ret);
> - goto unreg_reboot;
> + goto reboot_unreg;

A goto to a return statement does not add value.

> }
>
> - pr_info("initialized. timeout=%d sec (nowayout=%d)\n",
> - timeout, nowayout);
> + /* Calculate the watchdog's timeout */
> + ali_set_timeout(&alim1535wdt_wdd, timeout);
> +
This is unnecessary. The values can and should be initialized in
static struct watchdog_device alim1535wdt_wdd.

> + return 0;
>
> -out:
> +reboot_unreg:
> return ret;
> -unreg_reboot:
> - unregister_reboot_notifier(&ali_notifier);
> - goto out;
> }
>
> /*
> @@ -437,12 +238,8 @@ unreg_reboot:
>
> static void __exit watchdog_exit(void)
> {
> - /* Stop the timer before we leave */
> - ali_stop();
> -
> /* Deregister */
> - misc_deregister(&ali_miscdev);
> - unregister_reboot_notifier(&ali_notifier);
> + watchdog_unregister_device(&alim1535wdt_wdd);
> pci_dev_put(ali_pci);
> }
>
> @@ -451,4 +248,4 @@ module_exit(watchdog_exit);
>
> MODULE_AUTHOR("Alan Cox");
> MODULE_DESCRIPTION("ALi M1535 PMU Watchdog Timer driver");
> -MODULE_LICENSE("GPL");
> +MODULE_LICENSE("GPL");

I am at loss what is different here.