Linux software watchdog

Question

I am writing a system monitor for Linux and want to include some watchdog functionality. In the kernel, you can configure the watchdog to keep going even if /dev/watchdog is closed. In other words, if my daemon exits normally and closes /dev/watchdog, the system would still re-boot 59 seconds later. That may or may not be desirable behavior for the user.

I need to make my daemon aware of this setting because it will influence how I handle SIGINT. If the setting is on, my daemon would need to (preferably) start an orderly shutdown on exit or (at least) warn the user that the system is going to reboot shortly.

Does anyone know of a method to obtain this setting from user space? I don't see anything in sysconf() to get the value. Likewise, I need to be able to tell if the software watchdog is enabled to begin with.

Edit:

Linux provides a very simple watchdog interface. A process can open /dev/watchdog , once the device is opened, the kernel will begin a 60 second count down to reboot unless some data is written to that file, in which case the clock re-sets.

Depending on how the kernel is configured, closing that file may or may not stop the countdown. From the documentation:

The watchdog can be stopped without causing a reboot if the device /dev/watchdog is closed correctly, unless your kernel is compiled with the CONFIG_WATCHDOG_NOWAYOUT option enabled.

I need to be able to tell if CONFIG_WATCHDOG_NOWAYOUT was set from within a user space daemon, so that I can handle the shutdown of said daemon differently. In other words, if that setting is high, a simple:

# /etc/init.d/mydaemon stop

... would reboot the system in 59 seconds, because nothing is writing to /dev/watchdog any longer. So, if its set high, my handler for SIGINT needs to do additional things (i.e. warn the user at the least).

I can not find a way of obtaining this setting from user space :( Any help is appreciated.

Answer 1

You would need to catch the SIGINT in your application with signal handling. Link below shows some more information on signal handlers.

http://www.cs.utah.edu/dept/old/texinfo/glibc-manual-0.02/library_21.html

Answer 2

a watchdog guards against hard-locking the system, either because of a software crash, or hardware failure.

what you need is a daemon monitoring daemon (dmd). check 'monit'

Answer 3

Surely CONFIG_WATCHDOG_NOWAYOUT influences a preprocessor command?

Therefore, why do you need to check or set that from userspace

Answer 4

I hate having to suggest this, but being at a loss for a better idea: have you considered grepping for CONFIG_WATCHDOG_NOWAYOUT across your kernel source to see if it sets a global or gets returned by some function somewhere? You could look for some secondary change it induces in the kernel's exposed interface for something from which to infer its setting.

I haven't got the kernel source to hand or I'd've done this myself before replying, sorry.

Answer 5

AHA! After digging through linux/watchdog.h and drivers/watchdog/softdog.c, I was able to determine the capabilities of the softdog ioctl() interface. Looking at the capabilities that it announces in struct watchdog_info:

static struct watchdog_info ident = {
                .options =              WDIOF_SETTIMEOUT |
                                        WDIOF_KEEPALIVEPING |
                                        WDIOF_MAGICCLOSE,
                .firmware_version =     0,
                .identity =             "Software Watchdog",
        };

It does support a magic close that (seems to) over-ride CONFIG_WATCHDOG_NOWAYOUT. So, when terminating normally, I have to write a single char 'V' to /dev/watchdog then close it, and the timer will stop counting.

So, a simple ioctl() on a file descriptor to /dev/watchdog asking WDIOC_GETSUPPORT allows one to determine if this flag is set, i.e. :

int fd;
struct watchdog_info info;

fd = open("/dev/watchdog", O_WRONLY);
if (fd == -1) {
   perror("open");
   goto abort;
}

if (ioctl(fd, WDIOC_GETSUPPORT, &info)) {
    perror("ioctl");
    goto abort;
}

if (WDIOF_MAGICCLOSE & info.options)
   printf("Watchdog supports magic close char\n");
...

When working with hardware watchdogs, you might want to open with O_NONBLOCK so ioctl() not open() blocks (hence detecting a busy card).

If WDIOF_MAGICCLOSE is not supported, one should just assume that the soft watchdog is configured with NOWAYOUT.

I love Linux, I really do :) Sometimes it just takes a bit of hunting to work with. Thanks for all of the replies.

Edit: Further info

What stinks is, in order to determine the caps, you have to open the device .. once you open it the counter starts. So, if you have opened it and it does NOT support the magic close character, you had better ensure that you effect a normal shutdown / sync upon receiving SIGINT.

Answer 6

I think the watchdog device drivers are really intended for use on embedded platforms (or at least well controlled ones) where the developers will have control of which kernel is in use.

This could be considered to be an oversight, but I think it is not.

One other thing you could try, if the watchdog was built as a loadable module, unloading it will presumably abort the shutdown?