linux-yocto/kernel/uptime_limit.c

/*
 * uptime_limit.c
 *
 * This file contains the functions which can limit kernel uptime
 *
 * Copyright (C) 2011 Bruce Ashfield (bruce.ashfield@windriver.com)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 *
 * This functionality is somewhat close to the softdog watchdog
 * implementation, but it cannot be used directly for several reasons:
 *
 *   - The soft watchdog should be available while this functionality is active
 *   - The duration range is different between this and the softdog. The
 *     timeout available here is potentially quite a bit longer.
 *   - At expiration, there are different expiration requirements and actions.
 *   - This functionality is specific to a particular use case and should
 *     not impact mainline functionality
 *
 */
#include <linux/kernel.h>
#include <linux/reboot.h>
#include <linux/timer.h>
#include <linux/delay.h>
#include <linux/kthread.h>

#define UPTIME_LIMIT_IN_SECONDS (CONFIG_UPTIME_LIMIT_DURATION * 60)
#define MIN(X, Y) ((X) <= (Y) ? (X) : (Y))
#define TEN_MINUTES_IN_SECONDS 600

enum uptime_expiration_type {
	uptime_no_action,
	uptime_reboot
};

static enum uptime_expiration_type uptime_expiration_action = uptime_no_action;
static struct timer_list timelimit_timer;
static struct task_struct *uptime_worker_task;

static void timelimit_expire(unsigned long timeout_seconds)
{
	char msg[128];
	int msglen = 127;

	if (timeout_seconds) {
		if (timeout_seconds >= 60)
			snprintf(msg, msglen,
				 "Uptime: kernel validity duration has %d %s remaining\n",
				 (int) timeout_seconds / 60, "minute(s)");
		else
			snprintf(msg, msglen,
				 "Uptime: kernel validity duration has %d %s remaining\n",
				 (int) timeout_seconds, "seconds");

		printk(KERN_CRIT "%s", msg);

		timelimit_timer.expires = jiffies + timeout_seconds * HZ;
		timelimit_timer.data = 0;
		add_timer_on(&timelimit_timer, cpumask_first(cpu_online_mask));
	} else {
		printk(KERN_CRIT "Uptime: Kernel validity timeout has expired\n");
#ifdef CONFIG_UPTIME_LIMIT_KERNEL_REBOOT
		uptime_expiration_action = uptime_reboot;
		wake_up_process(uptime_worker_task);
	}
#endif
}

/*
 * This thread starts and then immediately goes to sleep. When it is woken
 * up, it carries out the instructions left in uptime_expiration_action. If
 * no action was specified it simply goes back to sleep.
 */
static int uptime_worker(void *unused)
{
	set_current_state(TASK_INTERRUPTIBLE);

	while (!kthread_should_stop()) {
		schedule();

		if (kthread_should_stop())
			break;

		if (uptime_expiration_action == uptime_reboot) {
			printk(KERN_CRIT "Uptime: restarting machine\n");
			kernel_restart(NULL);
		}

		set_current_state(TASK_INTERRUPTIBLE);
	}
	__set_current_state(TASK_RUNNING);

	return 0;
}

static int timeout_enable(int cpu)
{
	int err = 0;
	int warning_limit;

	/*
	 * Create an uptime worker thread. This thread is required since the
	 * safe version of kernel restart cannot be called from a
	 * non-interruptible context. Which means we cannot call it directly
	 * from a timer callback.  So we arrange for the timer expiration to
	 * wakeup a thread, which performs the action.
	 */
	uptime_worker_task = kthread_create(uptime_worker,
					    (void *)(unsigned long)cpu,
					    "uptime_worker/%d", cpu);
	if (IS_ERR(uptime_worker_task)) {
		printk(KERN_ERR "Uptime: task for cpu %i failed\n", cpu);
		err = PTR_ERR(uptime_worker_task);
		goto out;
	}
	/* bind to cpu0 to avoid migration and hot plug nastiness */
	kthread_bind(uptime_worker_task, cpu);
	wake_up_process(uptime_worker_task);

	/* Create the timer that will wake the uptime thread at expiration */
	init_timer(&timelimit_timer);
	timelimit_timer.function = timelimit_expire;
	/*
	 * Fire two timers. One warning timeout and the final timer
	 * which will carry out the expiration action. The warning timer will
	 * expire at the minimum of half the original time or ten minutes.
	 */
	warning_limit = MIN(UPTIME_LIMIT_IN_SECONDS/2, TEN_MINUTES_IN_SECONDS);
	timelimit_timer.expires = jiffies + warning_limit * HZ;
	timelimit_timer.data = UPTIME_LIMIT_IN_SECONDS - warning_limit;

	add_timer_on(&timelimit_timer, cpumask_first(cpu_online_mask));
out:
	return err;
}

static int __init timelimit_init(void)
{
	int err = 0;

	printk(KERN_INFO "Uptime: system uptime restrictions enabled\n");

	/*
	 * Enable the timeout thread for cpu 0 only, assuming that the
	 * uptime limit is non-zero, to protect against any cpu
	 * migration issues.
	 */
	if (UPTIME_LIMIT_IN_SECONDS)
		err = timeout_enable(0);

	return err;
}
device_initcall(timelimit_init);