Commit Graph

67 Commits

Author SHA1 Message Date
ian
3cfb379fe2 Add a new exit-timeout option to watchdogd.
Watchdogd currently disables the watchdog when it exits, such as during
rc.shutdown processing.  That leaves the system vulnerable to getting hung
or deadlocked during the shutdown part of a reboot.  For embedded systems
it's especially important that the hardware watchdog always be active.  It
can also be useful for servers that are administered remotely.

The new -x <seconds> option tells watchdogd to program the watchdog with the
given timeout just before exiting.  The -x value can be longer or shorter
than the -t normal time value, to allow for various exceptional conditions
at shutdown such as allowing extra time for buffer flushing.

The exit value is also used internally in the "failsafe" handling (which
used to just disable the watchdog), on the theory that if you're using this
option, "safe" means having the watchdog always running, not disabled.

The default is still to disable the watchdog on exit if -x is not specified.

Differential Revision:	https://reviews.freebsd.org/D2556 (timed out)
2015-08-19 21:46:12 +00:00
sjg
008d7c831f Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
sjg
75a137820d dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
sjg
65145fa4c8 Merge sync of head 2015-05-27 01:19:58 +00:00
bapt
a191ba5195 Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
sjg
b137080f19 Merge from head@274682 2014-11-19 01:07:58 +00:00
delphij
fd6ff34340 Default to use 10 seconds as nap interval instead of 1.
Previously, we have a nap interval of 1 second while we have a timeout of
128 seconds by default, which could be an overkill, and for some hardware
the patting action may be expensive.

Note that the choice of nap interval is still arbitrary.  We preferred
a safe value where even when the system is very heavily loaded, the
watchdog should not shoot the system down if it's not really hung.
According to the manual page of Linux's watchdog daemon, the nap interval
time of theirs is 10 seconds, which seems to be a reasonable value --
according to Intel documentation AP-725 (Document Number: 292273-001),
ICH5's maximum timeout is about 37.5 seconds, which the ichwd(4) driver
would set when we requested 128 seconds (although it should probably
feed back this as an error and do not set the timeout).  Since that's
the shortest maximum value, 10 seconds seems to be a right choice for
us too.

Discussed with:	alfred
MFC after:	1 month
2014-11-16 09:44:30 +00:00
rpaulo
8f85e11d80 Fix the watchdog/watchdog man pages.
The default timeout is 128 seconds.

MFC after:	1 week
2014-10-18 07:38:46 +00:00
sjg
d7cd1d425c Merge head from 7/28 2014-08-19 06:50:54 +00:00
bapt
c0cd28f928 use .Mt to mark up email addresses consistently (part2)
PR:		191174
Submitted by:	Franco Fichtner  <franco@lastsummer.de>
2014-06-20 09:57:27 +00:00
sjg
5860f0d106 Updated dependencies 2014-05-16 14:09:51 +00:00
sjg
1a7e48acf1 Updated dependencies 2014-05-10 05:16:28 +00:00
sjg
5e568154a0 Merge head 2014-04-28 07:50:45 +00:00
joel
8abe91ebd2 mdoc: minor paragraph fixes. 2014-02-08 13:37:02 +00:00
sjg
62bb106222 Merge from head 2013-09-05 20:18:59 +00:00
alfred
075cac9cbd Fix bug in r253719: fix command line watchdog disable.
r253719 disallowed watchdog(8) from disabling the watchdog
by breaking the ability to pass 0 as a timeout arg.  Fix this.
2013-08-10 01:48:15 +00:00
jhb
82720cf8ad Apply a casting sledgehammer.
Submitted by:	dhw
2013-07-30 16:20:54 +00:00
ian
430fe32cc6 Fix printf of seconds for systems where time_t is 64 bits. 2013-07-28 16:56:31 +00:00
joel
526b0b7d6d mdoc and language improvements. 2013-07-28 06:15:25 +00:00
alfred
6b7d3341e2 Provide some examples for watchdogd usage. 2013-07-27 22:23:32 +00:00
alfred
fdd68bea0e Fix watchdog pretimeout.
The original API calls for pow2ns, however the new APIs from
Linux call for seconds.

We need to be able to convert to/from 2^Nns to seconds in both
userland and kernel to fix this and properly compare units.
2013-07-27 20:47:01 +00:00
sjg
97d8b94956 sync from head 2013-04-12 20:48:55 +00:00
ed
e2882f4306 Mark the act_tbl static/const.
This table is only used within this source file and is only accessed
read-only.

MFC after:	1 week
2013-04-08 08:05:15 +00:00
markj
b664987a1a Invert the meaning of -S (added in r247405) and document its meaning. Also,
don't carp about the watchdog command taking too long until after the
watchdog has been patted, and don't carp via warnx(3) unless -S is set
since syslog(3) already logs to standard error otherwise.

Discussed with:	alfred
Reviewed by:	alfred
Approved by:	emaste (co-mentor)
2013-03-26 19:43:18 +00:00
sjg
6d37b86f2b Updated dependencies 2013-03-11 17:21:52 +00:00
joel
4422c2240b Remove EOL whitespace. 2013-02-27 20:16:30 +00:00
joel
2f5ad9a3d9 mdoc: begin sentence on new line. 2013-02-27 20:15:06 +00:00
alfred
743bccf1ec watchdogd(8) and watchdog(4) enhancements.
The following support was added to watchdog(4):
- Support to query the outstanding timeout.
- Support to set a software pre-timeout function watchdog with an 'action'
- Support to set a software only watchdog with a configurable 'action'

'action' can be a mask specifying a single operation or a combination of:
 log(9), printf(9), panic(9) and/or kdb_enter(9).

Support the following in watchdogged:
- Support to utilize the new additions to watchdog(4).
- Support to warn if a watchdog script runs for too long.
- Support for "dry run" where we do not actually arm the watchdog,
  but only report on our timing.

Sponsored by:   iXsystems, Inc.
MFC after:      1 month
2013-02-27 19:03:31 +00:00
sjg
0ee5295509 Updated dependencies 2013-02-16 01:23:54 +00:00
obrien
3028e3f8ab Sync with HEAD. 2013-02-08 16:10:16 +00:00
ian
2c49431420 Revert accidental regression to previous misspelling.
Approved by:	cognet (mentor)
2013-01-26 22:02:40 +00:00
ian
fc60ef94da Reduce watchdogd's memory footprint when running daemonized.
This uses the recently-added jemalloc(3) feature of setting the lg_chunk
tuning option to zero to request that memory be allocated in the smallest
chunks possible.  Without this option, the default is to initally map 8MB,
and then the mlockall() call wires that entire allocation even though the
program only uses a few Kbytes of it at runtime.

PR:		bin/173332
Approved by:	cognet (mentor)
2013-01-26 21:29:45 +00:00
alfred
42ff7995ba Spelling: exitting -> exiting
MFC after:	2 weeks
2013-01-18 02:36:06 +00:00
sjg
778e93c51a Sync from head 2012-11-04 02:52:03 +00:00
delphij
8dbd4c35e8 Replace log(3) with flsll(3) for watchdogd(8) and drop libm dependency.
MFC after:	2 weeks
2012-11-03 18:38:28 +00:00
zont
2d3909f027 - It's also need to lock current memory.
Approved by:	kib (mentor)
MFC after:	1 week
2012-08-30 08:07:37 +00:00
zont
aae8be3bc8 - Don't allow watchdogd(8) to be swapped out.
On machines with huge amount of swap and high IO activity,
  watchdogd(8) may wait for a swap memory longer than timeout and
  sometimes fires.

Approved by:	kib (mentor)
MFC after:	1 week
2012-08-28 08:38:53 +00:00
marcel
9dd41e3647 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
emaste
a774d4e29c Protect the watchdog daemon against swap OOM killer. This is similar to
SVN r199804 which added protection to sshd, cron, syslogd, and inetd.
2010-09-26 01:45:33 +00:00
delphij
fd28c2f495 Staticify local variables.
While I'm there also add a 'static' keyword for a function to make it
consistent with prototype.

Reviewed by:	phk
MFC after:	3 months
2010-07-20 17:42:13 +00:00
ed
073cafdd42 The last big commit: let usr.sbin/ use WARNS=6 by default. 2010-01-02 11:07:44 +00:00
ed
b9ca89bfc4 ANSIfy almost all applications that use WARNS=6.
I was considering committing all these patches one by one, but as
discussed with brooks@, there is no need to do this. If we ever
need/want to merge these changes back, it is still possible to do this
per application.
2009-12-29 22:53:27 +00:00
ru
d2993e53cd Don't hide an error if the initial attempt to program a watchdog from
within watchdogd(8) fails.  This is also consistent with watchdog(8).
2009-12-21 15:50:37 +00:00
n_hibma
22a6932ccb Don't exit from watchdogd on receiving a signal if we cannot stop the watchdog.
That'll require -KILL. This avoids resetting your system on one of the
watchdogs that you cannot disable.
2006-12-15 22:47:36 +00:00
ru
081fcce9b9 Markup fixes. 2006-09-29 17:57:04 +00:00
phk
8200abddc7 Document that the default timeout is 16 seconds 2006-09-02 09:11:58 +00:00
phk
00fe269292 Fix usage().
Submitted by:	Adrian Steinmann <ast@marabu.ch>
2006-03-06 07:42:52 +00:00
phk
f6f17c1957 Report any errors we might see when disabling the watchdog.
Complain about extra arguments so people don't get surprised
if they type "watchdog 0"
2005-09-30 08:30:20 +00:00
pjd
c71407b589 Pidfiles should be created with permission preventing users from opening
them for reading. When user can open file for reading, he can also
flock(2) it, which can lead to confusions.

Pointed out by:	green
2005-09-16 11:24:28 +00:00
pjd
9de6caadfa Use pidfile(3) in watchdogd(8). 2005-08-24 19:28:33 +00:00