secret/postfix_src/watchdog_8c_source.html

 /*++

 /* NAME

 /*  watchdog 3

 /* SUMMARY

 /*  watchdog timer

 /* SYNOPSIS

 /*  #include <watchdog.h>

 /*

 /*  WATCHDOG *watchdog_create(timeout, action, context)

 /*  unsigned timeout;

 /*  void    (*action)(WATCHDOG *watchdog, char *context);

 /*  char    *context;

 /*

 /*  void    watchdog_start(watchdog)

 /*  WATCHDOG *watchdog;

 /*

 /*  void    watchdog_stop(watchdog)

 /*  WATCHDOG *watchdog;

 /*

 /*  void    watchdog_destroy(watchdog)

 /*  WATCHDOG *watchdog;

 /*

 /*  void    watchdog_pat()

 /* DESCRIPTION

 /*  This module implements watchdog timers that are based on ugly

 /*  UNIX alarm timers. The module is designed to survive systems

 /*  with clocks that jump occasionally.

 /*

 /*  Watchdog timers can be stacked. Only one watchdog timer can be

 /*  active at a time. Only the last created watchdog timer can be

 /*  manipulated. Watchdog timers must be destroyed in reverse order

 /*  of creation.

 /*

 /*  watchdog_create() suspends the current watchdog timer, if any,

 /*  and instantiates a new watchdog timer.

 /*

 /*  watchdog_start() starts or restarts the watchdog timer.

 /*

 /*  watchdog_stop() stops the watchdog timer.

 /*

 /*  watchdog_destroy() stops the watchdog timer, and resumes the

 /*  watchdog timer instance that was suspended by watchdog_create().

 /*

 /*  watchdog_pat() pats the watchdog, so it stays quiet.

 /*

 /*  Arguments:

 /* .IP timeout

 /*  The watchdog time limit. When the watchdog timer runs, the

 /*  process must invoke watchdog_start(), watchdog_stop() or

 /*  watchdog_destroy() before the time limit is reached.

 /* .IP action

 /*  A null pointer, or pointer to function that is called when the

 /*  watchdog alarm goes off. The default action is to terminate

 /*  the process with a fatal error.

 /* .IP context

 /*  Application context that is passed to the action routine.

 /* .IP watchdog

 /*  Must be a pointer to the most recently created watchdog instance.

 /*  This argument is checked upon each call.

 /* BUGS

 /*  UNIX alarm timers are not stackable, so there can be at most one

 /*  watchdog instance active at any given time.

 /* SEE ALSO

 /*  msg(3) diagnostics interface

 /* DIAGNOSTICS

 /*  Fatal errors: memory allocation problem, system call failure.

 /*  Panics: interface violations.

 /* LICENSE

 /* .ad

 /* .fi

 /*  The Secure Mailer license must be distributed with this software.

 /* AUTHOR(S)

 /*  Wietse Venema

 /*  IBM T.J. Watson Research

 /*  P.O. Box 704

 /*  Yorktown Heights, NY 10598, USA

 /*--*/


 /* System library. */


 #include <sys_defs.h>

 #include <unistd.h>

 #include <signal.h>

 #include <posix_signals.h>


 /* Utility library. */


 #include <msg.h>

 #include <mymalloc.h>

 #include <killme_after.h>

 #include <watchdog.h>


 /* Application-specific. */


  /*

   * Rather than having one timer that goes off when it is too late, we break

   * up the time limit into smaller intervals so that we can deal with clocks

   * that jump occasionally.

   */

 #define WATCHDOG_STEPS  3


  /*

   * UNIX alarms are not stackable, but we can save and restore state, so that

   * watchdogs can at least be nested, sort of.

   */

 struct WATCHDOG {

     unsigned timeout;           /* our time resolution */

     WATCHDOG_FN action;         /* application routine */

     char   *context;            /* application context */

     int     trip_run;           /* number of successive timeouts */

     WATCHDOG *saved_watchdog;       /* saved state */

     struct sigaction saved_action;  /* saved state */

     unsigned saved_time;        /* saved state */

 };


  /*

   * However, only one watchdog instance can be current, and the caller has to

   * restore state before a prior watchdog instance can be manipulated.

   */

 static WATCHDOG *watchdog_curr;


  /*

   * Workaround for systems where the alarm signal does not wakeup the event

   * machinery, and therefore does not restart the watchdog timer in the

   * single_server etc. skeletons. The symptom is that programs abort when the

   * watchdog timeout is less than the max_idle time.

   */

 #ifdef USE_WATCHDOG_PIPE

 #include <errno.h>

 #include <iostuff.h>

 #include <events.h>


 static int watchdog_pipe[2];


 /* watchdog_read - read event pipe */


 static void watchdog_read(int unused_event, void *unused_context)

 {

     char    ch;


     while (read(watchdog_pipe[0], &ch, 1) > 0)

      /* void */ ;

 }


 #endif                  /* USE_WATCHDOG_PIPE */


 /* watchdog_event - handle timeout event */


 static void watchdog_event(int unused_sig)

 {

     const char *myname = "watchdog_event";

     WATCHDOG *wp;


     /*

      * This routine runs as a signal handler. We should not do anything that

      * could involve memory allocation/deallocation, but exiting without

      * proper explanation would be unacceptable. For this reason, msg(3) was

      * made safe for usage by signal handlers that terminate the process.

      */

     if ((wp = watchdog_curr) == 0)

     msg_panic("%s: no instance", myname);

     if (msg_verbose > 1)

     msg_info("%s: %p %d", myname, (void *) wp, wp->trip_run);

     if (++(wp->trip_run) < WATCHDOG_STEPS) {

 #ifdef USE_WATCHDOG_PIPE

     int     saved_errno = errno;


     /* Wake up the events(3) engine. */

     if (write(watchdog_pipe[1], "", 1) != 1)

         msg_warn("%s: write watchdog_pipe: %m", myname);

     errno = saved_errno;

 #endif

     alarm(wp->timeout);

     } else {

     if (wp->action)

         wp->action(wp, wp->context);

     else {

         killme_after(5);

 #ifdef TEST

         pause();

 #endif

         msg_fatal("watchdog timeout");

     }

     }

 }


 /* watchdog_create - create watchdog instance */


 WATCHDOG *watchdog_create(unsigned timeout, WATCHDOG_FN action, char *context)

 {

     const char *myname = "watchdog_create";

     struct sigaction sig_action;

     WATCHDOG *wp;


     wp = (WATCHDOG *) mymalloc(sizeof(*wp));

     if ((wp->timeout = timeout / WATCHDOG_STEPS) == 0)

     msg_panic("%s: timeout %d is too small", myname, timeout);

     wp->action = action;

     wp->context = context;

     wp->saved_watchdog = watchdog_curr;

     wp->saved_time = alarm(0);

     sigemptyset(&sig_action.sa_mask);

 #ifdef SA_RESTART

     sig_action.sa_flags = SA_RESTART;

 #else

     sig_action.sa_flags = 0;

 #endif

     sig_action.sa_handler = watchdog_event;

     if (sigaction(SIGALRM, &sig_action, &wp->saved_action) < 0)

     msg_fatal("%s: sigaction(SIGALRM): %m", myname);

     if (msg_verbose > 1)

     msg_info("%s: %p %d", myname, (void *) wp, timeout);

 #ifdef USE_WATCHDOG_PIPE

     if (watchdog_curr == 0) {

     if (pipe(watchdog_pipe) < 0)

         msg_fatal("%s: pipe: %m", myname);

     non_blocking(watchdog_pipe[0], NON_BLOCKING);

     non_blocking(watchdog_pipe[1], NON_BLOCKING);

     event_enable_read(watchdog_pipe[0], watchdog_read, (void *) 0);

     }

 #endif

     return (watchdog_curr = wp);

 }


 /* watchdog_destroy - destroy watchdog instance, restore state */


 void    watchdog_destroy(WATCHDOG *wp)

 {

     const char *myname = "watchdog_destroy";


     watchdog_stop(wp);

     watchdog_curr = wp->saved_watchdog;

     if (sigaction(SIGALRM, &wp->saved_action, (struct sigaction *) 0) < 0)

     msg_fatal("%s: sigaction(SIGALRM): %m", myname);

     if (wp->saved_time)

     alarm(wp->saved_time);

     myfree((void *) wp);

 #ifdef USE_WATCHDOG_PIPE

     if (watchdog_curr == 0) {

     event_disable_readwrite(watchdog_pipe[0]);

     (void) close(watchdog_pipe[0]);

     (void) close(watchdog_pipe[1]);

     }

 #endif

     if (msg_verbose > 1)

     msg_info("%s: %p", myname, (void *) wp);

 }


 /* watchdog_start - enable watchdog timer */


 void    watchdog_start(WATCHDOG *wp)

 {

     const char *myname = "watchdog_start";


     if (wp != watchdog_curr)

     msg_panic("%s: wrong watchdog instance", myname);

     wp->trip_run = 0;

     alarm(wp->timeout);

     if (msg_verbose > 1)

     msg_info("%s: %p", myname, (void *) wp);

 }


 /* watchdog_stop - disable watchdog timer */


 void    watchdog_stop(WATCHDOG *wp)

 {

     const char *myname = "watchdog_stop";


     if (wp != watchdog_curr)

     msg_panic("%s: wrong watchdog instance", myname);

     alarm(0);

     if (msg_verbose > 1)

     msg_info("%s: %p", myname, (void *) wp);

 }


 /* watchdog_pat - pat the dog so it stays quiet */


 void    watchdog_pat(void)

 {

     const char *myname = "watchdog_pat";


     if (watchdog_curr)

     watchdog_curr->trip_run = 0;

     if (msg_verbose > 1)

     msg_info("%s: %p", myname, (void *) watchdog_curr);

 }


 #ifdef TEST


 #include <vstream.h>


 int     main(int unused_argc, char **unused_argv)

 {

     WATCHDOG *wp;


     msg_verbose = 2;


     wp = watchdog_create(10, (WATCHDOG_FN) 0, (void *) 0);

     watchdog_start(wp);

     do {

     watchdog_pat();

     } while (VSTREAM_GETCHAR() != VSTREAM_EOF);

     watchdog_destroy(wp);

     return (0);

 }


 #endif

msg_verbose
int msg_verbose
Definition: msg.c:177

event_enable_read
void event_enable_read(int fd, EVENT_NOTIFY_RDWR_FN callback, void *context)
Definition: events.c:729

VSTREAM_EOF
#define VSTREAM_EOF
Definition: vstream.h:110

myfree
void myfree(void *ptr)
Definition: mymalloc.c:207

WATCHDOG::saved_watchdog
WATCHDOG * saved_watchdog
Definition: watchdog.c:111

watchdog_pat
void watchdog_pat(void)
Definition: watchdog.c:278

msg_panic
NORETURN msg_panic(const char *fmt,...)
Definition: msg.c:295

watchdog_destroy
void watchdog_destroy(WATCHDOG *wp)
Definition: watchdog.c:227

WATCHDOG_STEPS
#define WATCHDOG_STEPS
Definition: watchdog.c:100

main
int main(int argc, char **argv)
Definition: anvil.c:1010

iostuff.h

posix_signals.h

WATCHDOG::context
char * context
Definition: watchdog.c:109

watchdog_start
void watchdog_start(WATCHDOG *wp)
Definition: watchdog.c:251

watchdog.h

WATCHDOG_FN
void(* WATCHDOG_FN)(WATCHDOG *, char *)
Definition: watchdog.h:18

WATCHDOG::trip_run
int trip_run
Definition: watchdog.c:110

killme_after
void killme_after(unsigned int seconds)
Definition: killme_after.c:41

WATCHDOG
Definition: watchdog.c:106

VSTREAM_GETCHAR
#define VSTREAM_GETCHAR()
Definition: vstream.h:113

events.h

watchdog_create
WATCHDOG * watchdog_create(unsigned timeout, WATCHDOG_FN action, char *context)
Definition: watchdog.c:189

msg.h

msg_warn
void msg_warn(const char *fmt,...)
Definition: msg.c:215

WATCHDOG::timeout
unsigned timeout
Definition: watchdog.c:107

sys_defs.h

msg_fatal
NORETURN msg_fatal(const char *fmt,...)
Definition: msg.c:249

watchdog_stop
void watchdog_stop(WATCHDOG *wp)
Definition: watchdog.c:265

NON_BLOCKING
#define NON_BLOCKING
Definition: iostuff.h:49

vstream.h

non_blocking
int non_blocking(int, int)
Definition: non_blocking.c:55

WATCHDOG::saved_action
struct sigaction saved_action
Definition: watchdog.c:112

WATCHDOG::action
WATCHDOG_FN action
Definition: watchdog.c:108

WATCHDOG::saved_time
unsigned saved_time
Definition: watchdog.c:113

killme_after.h

event_disable_readwrite
void event_disable_readwrite(int fd)
Definition: events.c:839

mymalloc.h

mymalloc
void * mymalloc(ssize_t len)
Definition: mymalloc.c:150

msg_info
void msg_info(const char *fmt,...)
Definition: msg.c:199