1 /*- 2 * Copyright (c) 1986, 1988, 1991, 1993 3 * The Regents of the University of California. All rights reserved. 4 * (c) UNIX System Laboratories, Inc. 5 * All or some portions of this file are derived from material licensed 6 * to the University of California by American Telephone and Telegraph 7 * Co. or Unix System Laboratories, Inc. and are reproduced herein with 8 * the permission of UNIX System Laboratories, Inc. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 4. Neither the name of the University nor the names of its contributors 19 * may be used to endorse or promote products derived from this software 20 * without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * 34 * @(#)kern_shutdown.c 8.3 (Berkeley) 1/21/94 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include "opt_ddb.h" 41 #include "opt_kdb.h" 42 #include "opt_panic.h" 43 #include "opt_sched.h" 44 #include "opt_watchdog.h" 45 46 #include <sys/param.h> 47 #include <sys/systm.h> 48 #include <sys/bio.h> 49 #include <sys/buf.h> 50 #include <sys/conf.h> 51 #include <sys/cons.h> 52 #include <sys/eventhandler.h> 53 #include <sys/filedesc.h> 54 #include <sys/jail.h> 55 #include <sys/kdb.h> 56 #include <sys/kernel.h> 57 #include <sys/kerneldump.h> 58 #include <sys/kthread.h> 59 #include <sys/ktr.h> 60 #include <sys/malloc.h> 61 #include <sys/mount.h> 62 #include <sys/priv.h> 63 #include <sys/proc.h> 64 #include <sys/reboot.h> 65 #include <sys/resourcevar.h> 66 #include <sys/rwlock.h> 67 #include <sys/sched.h> 68 #include <sys/smp.h> 69 #include <sys/sysctl.h> 70 #include <sys/sysproto.h> 71 #include <sys/vnode.h> 72 #include <sys/watchdog.h> 73 74 #include <ddb/ddb.h> 75 76 #include <machine/cpu.h> 77 #include <machine/dump.h> 78 #include <machine/pcb.h> 79 #include <machine/smp.h> 80 81 #include <security/mac/mac_framework.h> 82 83 #include <vm/vm.h> 84 #include <vm/vm_object.h> 85 #include <vm/vm_page.h> 86 #include <vm/vm_pager.h> 87 #include <vm/swap_pager.h> 88 89 #include <sys/signalvar.h> 90 91 #ifndef PANIC_REBOOT_WAIT_TIME 92 #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */ 93 #endif 94 static int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME; 95 SYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN, 96 &panic_reboot_wait_time, 0, 97 "Seconds to wait before rebooting after a panic"); 98 99 /* 100 * Note that stdarg.h and the ANSI style va_start macro is used for both 101 * ANSI and traditional C compilers. 102 */ 103 #include <machine/stdarg.h> 104 105 #ifdef KDB 106 #ifdef KDB_UNATTENDED 107 int debugger_on_panic = 0; 108 #else 109 int debugger_on_panic = 1; 110 #endif 111 SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, 112 CTLFLAG_RWTUN | CTLFLAG_SECURE, 113 &debugger_on_panic, 0, "Run debugger on kernel panic"); 114 115 #ifdef KDB_TRACE 116 static int trace_on_panic = 1; 117 #else 118 static int trace_on_panic = 0; 119 #endif 120 SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, 121 CTLFLAG_RWTUN | CTLFLAG_SECURE, 122 &trace_on_panic, 0, "Print stack trace on kernel panic"); 123 #endif /* KDB */ 124 125 static int sync_on_panic = 0; 126 SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN, 127 &sync_on_panic, 0, "Do a sync before rebooting from a panic"); 128 129 static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, 130 "Shutdown environment"); 131 132 #ifndef DIAGNOSTIC 133 static int show_busybufs; 134 #else 135 static int show_busybufs = 1; 136 #endif 137 SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW, 138 &show_busybufs, 0, ""); 139 140 int suspend_blocked = 0; 141 SYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW, 142 &suspend_blocked, 0, "Block suspend due to a pending shutdown"); 143 144 /* 145 * Variable panicstr contains argument to first call to panic; used as flag 146 * to indicate that the kernel has already called panic. 147 */ 148 const char *panicstr; 149 150 int dumping; /* system is dumping */ 151 int rebooting; /* system is rebooting */ 152 static struct dumperinfo dumper; /* our selected dumper */ 153 154 /* Context information for dump-debuggers. */ 155 static struct pcb dumppcb; /* Registers. */ 156 lwpid_t dumptid; /* Thread ID. */ 157 158 static struct cdevsw reroot_cdevsw = { 159 .d_version = D_VERSION, 160 .d_name = "reroot", 161 }; 162 163 static void poweroff_wait(void *, int); 164 static void shutdown_halt(void *junk, int howto); 165 static void shutdown_panic(void *junk, int howto); 166 static void shutdown_reset(void *junk, int howto); 167 static int kern_reroot(void); 168 169 /* register various local shutdown events */ 170 static void 171 shutdown_conf(void *unused) 172 { 173 174 EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL, 175 SHUTDOWN_PRI_FIRST); 176 EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL, 177 SHUTDOWN_PRI_LAST + 100); 178 EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL, 179 SHUTDOWN_PRI_LAST + 100); 180 EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL, 181 SHUTDOWN_PRI_LAST + 200); 182 } 183 184 SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL); 185 186 /* 187 * The only reason this exists is to create the /dev/reroot/ directory, 188 * used by reroot code in init(8) as a mountpoint for tmpfs. 189 */ 190 static void 191 reroot_conf(void *unused) 192 { 193 int error; 194 struct cdev *cdev; 195 196 error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev, 197 &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot"); 198 if (error != 0) { 199 printf("%s: failed to create device node, error %d", 200 __func__, error); 201 } 202 } 203 204 SYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL); 205 206 /* 207 * The system call that results in a reboot. 208 */ 209 /* ARGSUSED */ 210 int 211 sys_reboot(struct thread *td, struct reboot_args *uap) 212 { 213 int error; 214 215 error = 0; 216 #ifdef MAC 217 error = mac_system_check_reboot(td->td_ucred, uap->opt); 218 #endif 219 if (error == 0) 220 error = priv_check(td, PRIV_REBOOT); 221 if (error == 0) { 222 if (uap->opt & RB_REROOT) { 223 error = kern_reroot(); 224 } else { 225 mtx_lock(&Giant); 226 kern_reboot(uap->opt); 227 mtx_unlock(&Giant); 228 } 229 } 230 return (error); 231 } 232 233 /* 234 * Called by events that want to shut down.. e.g <CTL><ALT><DEL> on a PC 235 */ 236 void 237 shutdown_nice(int howto) 238 { 239 240 if (initproc != NULL) { 241 /* Send a signal to init(8) and have it shutdown the world. */ 242 PROC_LOCK(initproc); 243 if (howto & RB_POWEROFF) 244 kern_psignal(initproc, SIGUSR2); 245 else if (howto & RB_HALT) 246 kern_psignal(initproc, SIGUSR1); 247 else 248 kern_psignal(initproc, SIGINT); 249 PROC_UNLOCK(initproc); 250 } else { 251 /* No init(8) running, so simply reboot. */ 252 kern_reboot(howto | RB_NOSYNC); 253 } 254 } 255 256 static void 257 print_uptime(void) 258 { 259 int f; 260 struct timespec ts; 261 262 getnanouptime(&ts); 263 printf("Uptime: "); 264 f = 0; 265 if (ts.tv_sec >= 86400) { 266 printf("%ldd", (long)ts.tv_sec / 86400); 267 ts.tv_sec %= 86400; 268 f = 1; 269 } 270 if (f || ts.tv_sec >= 3600) { 271 printf("%ldh", (long)ts.tv_sec / 3600); 272 ts.tv_sec %= 3600; 273 f = 1; 274 } 275 if (f || ts.tv_sec >= 60) { 276 printf("%ldm", (long)ts.tv_sec / 60); 277 ts.tv_sec %= 60; 278 f = 1; 279 } 280 printf("%lds\n", (long)ts.tv_sec); 281 } 282 283 int 284 doadump(boolean_t textdump) 285 { 286 boolean_t coredump; 287 int error; 288 289 error = 0; 290 if (dumping) 291 return (EBUSY); 292 if (dumper.dumper == NULL) 293 return (ENXIO); 294 295 savectx(&dumppcb); 296 dumptid = curthread->td_tid; 297 dumping++; 298 299 coredump = TRUE; 300 #ifdef DDB 301 if (textdump && textdump_pending) { 302 coredump = FALSE; 303 textdump_dumpsys(&dumper); 304 } 305 #endif 306 if (coredump) 307 error = dumpsys(&dumper); 308 309 dumping--; 310 return (error); 311 } 312 313 /* 314 * Shutdown the system cleanly to prepare for reboot, halt, or power off. 315 */ 316 void 317 kern_reboot(int howto) 318 { 319 static int once = 0; 320 321 #if defined(SMP) 322 /* 323 * Bind us to CPU 0 so that all shutdown code runs there. Some 324 * systems don't shutdown properly (i.e., ACPI power off) if we 325 * run on another processor. 326 */ 327 if (!SCHEDULER_STOPPED()) { 328 thread_lock(curthread); 329 sched_bind(curthread, 0); 330 thread_unlock(curthread); 331 KASSERT(PCPU_GET(cpuid) == 0, ("boot: not running on cpu 0")); 332 } 333 #endif 334 /* We're in the process of rebooting. */ 335 rebooting = 1; 336 337 /* We are out of the debugger now. */ 338 kdb_active = 0; 339 340 /* 341 * Do any callouts that should be done BEFORE syncing the filesystems. 342 */ 343 EVENTHANDLER_INVOKE(shutdown_pre_sync, howto); 344 345 /* 346 * Now sync filesystems 347 */ 348 if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) { 349 once = 1; 350 bufshutdown(show_busybufs); 351 } 352 353 print_uptime(); 354 355 cngrab(); 356 357 /* 358 * Ok, now do things that assume all filesystem activity has 359 * been completed. 360 */ 361 EVENTHANDLER_INVOKE(shutdown_post_sync, howto); 362 363 if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping) 364 doadump(TRUE); 365 366 /* Now that we're going to really halt the system... */ 367 EVENTHANDLER_INVOKE(shutdown_final, howto); 368 369 for(;;) ; /* safety against shutdown_reset not working */ 370 /* NOTREACHED */ 371 } 372 373 /* 374 * The system call that results in changing the rootfs. 375 */ 376 static int 377 kern_reroot(void) 378 { 379 struct vnode *oldrootvnode, *vp; 380 struct mount *mp, *devmp; 381 int error; 382 383 if (curproc != initproc) 384 return (EPERM); 385 386 /* 387 * Mark the filesystem containing currently-running executable 388 * (the temporary copy of init(8)) busy. 389 */ 390 vp = curproc->p_textvp; 391 error = vn_lock(vp, LK_SHARED); 392 if (error != 0) 393 return (error); 394 mp = vp->v_mount; 395 error = vfs_busy(mp, MBF_NOWAIT); 396 if (error != 0) { 397 vfs_ref(mp); 398 VOP_UNLOCK(vp, 0); 399 error = vfs_busy(mp, 0); 400 vn_lock(vp, LK_SHARED | LK_RETRY); 401 vfs_rel(mp); 402 if (error != 0) { 403 VOP_UNLOCK(vp, 0); 404 return (ENOENT); 405 } 406 if (vp->v_iflag & VI_DOOMED) { 407 VOP_UNLOCK(vp, 0); 408 vfs_unbusy(mp); 409 return (ENOENT); 410 } 411 } 412 VOP_UNLOCK(vp, 0); 413 414 /* 415 * Remove the filesystem containing currently-running executable 416 * from the mount list, to prevent it from being unmounted 417 * by vfs_unmountall(), and to avoid confusing vfs_mountroot(). 418 * 419 * Also preserve /dev - forcibly unmounting it could cause driver 420 * reinitialization. 421 */ 422 423 vfs_ref(rootdevmp); 424 devmp = rootdevmp; 425 rootdevmp = NULL; 426 427 mtx_lock(&mountlist_mtx); 428 TAILQ_REMOVE(&mountlist, mp, mnt_list); 429 TAILQ_REMOVE(&mountlist, devmp, mnt_list); 430 mtx_unlock(&mountlist_mtx); 431 432 oldrootvnode = rootvnode; 433 434 /* 435 * Unmount everything except for the two filesystems preserved above. 436 */ 437 vfs_unmountall(); 438 439 /* 440 * Add /dev back; vfs_mountroot() will move it into its new place. 441 */ 442 mtx_lock(&mountlist_mtx); 443 TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list); 444 mtx_unlock(&mountlist_mtx); 445 rootdevmp = devmp; 446 vfs_rel(rootdevmp); 447 448 /* 449 * Mount the new rootfs. 450 */ 451 vfs_mountroot(); 452 453 /* 454 * Update all references to the old rootvnode. 455 */ 456 mountcheckdirs(oldrootvnode, rootvnode); 457 458 /* 459 * Add the temporary filesystem back and unbusy it. 460 */ 461 mtx_lock(&mountlist_mtx); 462 TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list); 463 mtx_unlock(&mountlist_mtx); 464 vfs_unbusy(mp); 465 466 return (0); 467 } 468 469 /* 470 * If the shutdown was a clean halt, behave accordingly. 471 */ 472 static void 473 shutdown_halt(void *junk, int howto) 474 { 475 476 if (howto & RB_HALT) { 477 printf("\n"); 478 printf("The operating system has halted.\n"); 479 printf("Please press any key to reboot.\n\n"); 480 switch (cngetc()) { 481 case -1: /* No console, just die */ 482 cpu_halt(); 483 /* NOTREACHED */ 484 default: 485 howto &= ~RB_HALT; 486 break; 487 } 488 } 489 } 490 491 /* 492 * Check to see if the system paniced, pause and then reboot 493 * according to the specified delay. 494 */ 495 static void 496 shutdown_panic(void *junk, int howto) 497 { 498 int loop; 499 500 if (howto & RB_DUMP) { 501 if (panic_reboot_wait_time != 0) { 502 if (panic_reboot_wait_time != -1) { 503 printf("Automatic reboot in %d seconds - " 504 "press a key on the console to abort\n", 505 panic_reboot_wait_time); 506 for (loop = panic_reboot_wait_time * 10; 507 loop > 0; --loop) { 508 DELAY(1000 * 100); /* 1/10th second */ 509 /* Did user type a key? */ 510 if (cncheckc() != -1) 511 break; 512 } 513 if (!loop) 514 return; 515 } 516 } else { /* zero time specified - reboot NOW */ 517 return; 518 } 519 printf("--> Press a key on the console to reboot,\n"); 520 printf("--> or switch off the system now.\n"); 521 cngetc(); 522 } 523 } 524 525 /* 526 * Everything done, now reset 527 */ 528 static void 529 shutdown_reset(void *junk, int howto) 530 { 531 532 printf("Rebooting...\n"); 533 DELAY(1000000); /* wait 1 sec for printf's to complete and be read */ 534 535 /* 536 * Acquiring smp_ipi_mtx here has a double effect: 537 * - it disables interrupts avoiding CPU0 preemption 538 * by fast handlers (thus deadlocking against other CPUs) 539 * - it avoids deadlocks against smp_rendezvous() or, more 540 * generally, threads busy-waiting, with this spinlock held, 541 * and waiting for responses by threads on other CPUs 542 * (ie. smp_tlb_shootdown()). 543 * 544 * For the !SMP case it just needs to handle the former problem. 545 */ 546 #ifdef SMP 547 mtx_lock_spin(&smp_ipi_mtx); 548 #else 549 spinlock_enter(); 550 #endif 551 552 /* cpu_boot(howto); */ /* doesn't do anything at the moment */ 553 cpu_reset(); 554 /* NOTREACHED */ /* assuming reset worked */ 555 } 556 557 #if defined(WITNESS) || defined(INVARIANTS) 558 static int kassert_warn_only = 0; 559 #ifdef KDB 560 static int kassert_do_kdb = 0; 561 #endif 562 #ifdef KTR 563 static int kassert_do_ktr = 0; 564 #endif 565 static int kassert_do_log = 1; 566 static int kassert_log_pps_limit = 4; 567 static int kassert_log_mute_at = 0; 568 static int kassert_log_panic_at = 0; 569 static int kassert_warnings = 0; 570 571 SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options"); 572 573 SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, CTLFLAG_RWTUN, 574 &kassert_warn_only, 0, 575 "KASSERT triggers a panic (1) or just a warning (0)"); 576 577 #ifdef KDB 578 SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, CTLFLAG_RWTUN, 579 &kassert_do_kdb, 0, "KASSERT will enter the debugger"); 580 #endif 581 582 #ifdef KTR 583 SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, CTLFLAG_RWTUN, 584 &kassert_do_ktr, 0, 585 "KASSERT does a KTR, set this to the KTRMASK you want"); 586 #endif 587 588 SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, CTLFLAG_RWTUN, 589 &kassert_do_log, 0, "KASSERT triggers a panic (1) or just a warning (0)"); 590 591 SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RWTUN, 592 &kassert_warnings, 0, "number of KASSERTs that have been triggered"); 593 594 SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, CTLFLAG_RWTUN, 595 &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic"); 596 597 SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, CTLFLAG_RWTUN, 598 &kassert_log_pps_limit, 0, "limit number of log messages per second"); 599 600 SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, CTLFLAG_RWTUN, 601 &kassert_log_mute_at, 0, "max number of KASSERTS to log"); 602 603 static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS); 604 605 SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert, 606 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0, 607 kassert_sysctl_kassert, "I", "set to trigger a test kassert"); 608 609 static int 610 kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS) 611 { 612 int error, i; 613 614 error = sysctl_wire_old_buffer(req, sizeof(int)); 615 if (error == 0) { 616 i = 0; 617 error = sysctl_handle_int(oidp, &i, 0, req); 618 } 619 if (error != 0 || req->newptr == NULL) 620 return (error); 621 KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i)); 622 return (0); 623 } 624 625 /* 626 * Called by KASSERT, this decides if we will panic 627 * or if we will log via printf and/or ktr. 628 */ 629 void 630 kassert_panic(const char *fmt, ...) 631 { 632 static char buf[256]; 633 va_list ap; 634 635 va_start(ap, fmt); 636 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 637 va_end(ap); 638 639 /* 640 * panic if we're not just warning, or if we've exceeded 641 * kassert_log_panic_at warnings. 642 */ 643 if (!kassert_warn_only || 644 (kassert_log_panic_at > 0 && 645 kassert_warnings >= kassert_log_panic_at)) { 646 va_start(ap, fmt); 647 vpanic(fmt, ap); 648 /* NORETURN */ 649 } 650 #ifdef KTR 651 if (kassert_do_ktr) 652 CTR0(ktr_mask, buf); 653 #endif /* KTR */ 654 /* 655 * log if we've not yet met the mute limit. 656 */ 657 if (kassert_do_log && 658 (kassert_log_mute_at == 0 || 659 kassert_warnings < kassert_log_mute_at)) { 660 static struct timeval lasterr; 661 static int curerr; 662 663 if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) { 664 printf("KASSERT failed: %s\n", buf); 665 kdb_backtrace(); 666 } 667 } 668 #ifdef KDB 669 if (kassert_do_kdb) { 670 kdb_enter(KDB_WHY_KASSERT, buf); 671 } 672 #endif 673 atomic_add_int(&kassert_warnings, 1); 674 } 675 #endif 676 677 /* 678 * Panic is called on unresolvable fatal errors. It prints "panic: mesg", 679 * and then reboots. If we are called twice, then we avoid trying to sync 680 * the disks as this often leads to recursive panics. 681 */ 682 void 683 panic(const char *fmt, ...) 684 { 685 va_list ap; 686 687 va_start(ap, fmt); 688 vpanic(fmt, ap); 689 } 690 691 void 692 vpanic(const char *fmt, va_list ap) 693 { 694 #ifdef SMP 695 cpuset_t other_cpus; 696 #endif 697 struct thread *td = curthread; 698 int bootopt, newpanic; 699 static char buf[256]; 700 701 spinlock_enter(); 702 703 #ifdef SMP 704 /* 705 * stop_cpus_hard(other_cpus) should prevent multiple CPUs from 706 * concurrently entering panic. Only the winner will proceed 707 * further. 708 */ 709 if (panicstr == NULL && !kdb_active) { 710 other_cpus = all_cpus; 711 CPU_CLR(PCPU_GET(cpuid), &other_cpus); 712 stop_cpus_hard(other_cpus); 713 } 714 715 /* 716 * Ensure that the scheduler is stopped while panicking, even if panic 717 * has been entered from kdb. 718 */ 719 td->td_stopsched = 1; 720 #endif 721 722 bootopt = RB_AUTOBOOT; 723 newpanic = 0; 724 if (panicstr) 725 bootopt |= RB_NOSYNC; 726 else { 727 bootopt |= RB_DUMP; 728 panicstr = fmt; 729 newpanic = 1; 730 } 731 732 if (newpanic) { 733 (void)vsnprintf(buf, sizeof(buf), fmt, ap); 734 panicstr = buf; 735 cngrab(); 736 printf("panic: %s\n", buf); 737 } else { 738 printf("panic: "); 739 vprintf(fmt, ap); 740 printf("\n"); 741 } 742 #ifdef SMP 743 printf("cpuid = %d\n", PCPU_GET(cpuid)); 744 #endif 745 746 #ifdef KDB 747 if (newpanic && trace_on_panic) 748 kdb_backtrace(); 749 if (debugger_on_panic) 750 kdb_enter(KDB_WHY_PANIC, "panic"); 751 #endif 752 /*thread_lock(td); */ 753 td->td_flags |= TDF_INPANIC; 754 /* thread_unlock(td); */ 755 if (!sync_on_panic) 756 bootopt |= RB_NOSYNC; 757 kern_reboot(bootopt); 758 } 759 760 /* 761 * Support for poweroff delay. 762 * 763 * Please note that setting this delay too short might power off your machine 764 * before the write cache on your hard disk has been flushed, leading to 765 * soft-updates inconsistencies. 766 */ 767 #ifndef POWEROFF_DELAY 768 # define POWEROFF_DELAY 5000 769 #endif 770 static int poweroff_delay = POWEROFF_DELAY; 771 772 SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW, 773 &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)"); 774 775 static void 776 poweroff_wait(void *junk, int howto) 777 { 778 779 if (!(howto & RB_POWEROFF) || poweroff_delay <= 0) 780 return; 781 DELAY(poweroff_delay * 1000); 782 } 783 784 /* 785 * Some system processes (e.g. syncer) need to be stopped at appropriate 786 * points in their main loops prior to a system shutdown, so that they 787 * won't interfere with the shutdown process (e.g. by holding a disk buf 788 * to cause sync to fail). For each of these system processes, register 789 * shutdown_kproc() as a handler for one of shutdown events. 790 */ 791 static int kproc_shutdown_wait = 60; 792 SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW, 793 &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process"); 794 795 void 796 kproc_shutdown(void *arg, int howto) 797 { 798 struct proc *p; 799 int error; 800 801 if (panicstr) 802 return; 803 804 p = (struct proc *)arg; 805 printf("Waiting (max %d seconds) for system process `%s' to stop...", 806 kproc_shutdown_wait, p->p_comm); 807 error = kproc_suspend(p, kproc_shutdown_wait * hz); 808 809 if (error == EWOULDBLOCK) 810 printf("timed out\n"); 811 else 812 printf("done\n"); 813 } 814 815 void 816 kthread_shutdown(void *arg, int howto) 817 { 818 struct thread *td; 819 int error; 820 821 if (panicstr) 822 return; 823 824 td = (struct thread *)arg; 825 printf("Waiting (max %d seconds) for system thread `%s' to stop...", 826 kproc_shutdown_wait, td->td_name); 827 error = kthread_suspend(td, kproc_shutdown_wait * hz); 828 829 if (error == EWOULDBLOCK) 830 printf("timed out\n"); 831 else 832 printf("done\n"); 833 } 834 835 static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)]; 836 SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD, 837 dumpdevname, 0, "Device for kernel dumps"); 838 839 /* Registration of dumpers */ 840 int 841 set_dumper(struct dumperinfo *di, const char *devname, struct thread *td) 842 { 843 size_t wantcopy; 844 int error; 845 846 error = priv_check(td, PRIV_SETDUMPER); 847 if (error != 0) 848 return (error); 849 850 if (di == NULL) { 851 bzero(&dumper, sizeof dumper); 852 dumpdevname[0] = '\0'; 853 return (0); 854 } 855 if (dumper.dumper != NULL) 856 return (EBUSY); 857 dumper = *di; 858 wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname)); 859 if (wantcopy >= sizeof(dumpdevname)) { 860 printf("set_dumper: device name truncated from '%s' -> '%s'\n", 861 devname, dumpdevname); 862 } 863 return (0); 864 } 865 866 /* Call dumper with bounds checking. */ 867 int 868 dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical, 869 off_t offset, size_t length) 870 { 871 872 if (length != 0 && (offset < di->mediaoffset || 873 offset - di->mediaoffset + length > di->mediasize)) { 874 printf("Attempt to write outside dump device boundaries.\n" 875 "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n", 876 (intmax_t)offset, (intmax_t)di->mediaoffset, 877 (uintmax_t)length, (intmax_t)di->mediasize); 878 return (ENOSPC); 879 } 880 return (di->dumper(di->priv, virtual, physical, offset, length)); 881 } 882 883 void 884 mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, 885 uint64_t dumplen, uint32_t blksz) 886 { 887 888 bzero(kdh, sizeof(*kdh)); 889 strlcpy(kdh->magic, magic, sizeof(kdh->magic)); 890 strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture)); 891 kdh->version = htod32(KERNELDUMPVERSION); 892 kdh->architectureversion = htod32(archver); 893 kdh->dumplength = htod64(dumplen); 894 kdh->dumptime = htod64(time_second); 895 kdh->blocksize = htod32(blksz); 896 strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname)); 897 strlcpy(kdh->versionstring, version, sizeof(kdh->versionstring)); 898 if (panicstr != NULL) 899 strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); 900 kdh->parity = kerneldump_parity(kdh); 901 } 902