watchdog: always close fd on watchdog stop #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
CC @dangowrt |
The user may asks for procd watchdog handler to be stopped with or without disabling it, by specifying the magicclose flag. If the flag is set, the watchdog will be disabled and the fd closed, allowing the user to take control over the watchdog. There is a race in this scenario. If the system fails before the user re-enables the watchdog, the system might hang without a proper reset. To prevent this, the user should ask the procd handler to be stopped without disabling the watchdog, by specifying magicclose as false. However, in this case, the procd will only stop refreshing the watchdog, but will leave the fd open. At least on Raspberry Pi, this prevents anyone else from opening the watchdog device, resulting in EBUSY. With this patch, watchdog fd will always be closed, regardless of the magicclose flag, allowing for the described safe use-case. For user that previously stopped the watchdog handler with the magicclose flag, the functionality remains unchanged. Signed-off-by: Dragan Milenkovic <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current behavior
The user may asks for procd watchdog handler to be stopped with or without disabling it, by specifying the magicclose flag.
Use-case
I would like to take over the watchdog and handle it with a script.
Problem
Stopping the handler with magicclose == true is not reliable. If the system fails before the user re-enables the watchdog, the system might hang without a proper reset.
Stopping the handler with magicclose == false doesn't help either. The procd will only stop refreshing the watchdog, but will leave the fd open. At least on Raspberry Pi, this prevents anyone else from opening the watchdog device, resulting in EBUSY.
The fix
With this patch, watchdog fd will always be closed, regardless of the magicclose flag, allowing for the described use-case. To take over the watchdog, stop it with magicclose == false and open the watchdog device in your custom way.
Peculiarity
You will note an allegedly critical log line coming from kernel "watchdog did not stop!" This is actually what we want. In my opinion, it should only be a warning, not a critical message.
Backward compatibility
For user that previously stopped the watchdog handler with magicclose == true, the functionality remains unchanged.