xref: /freebsd/sys/kern/kern_shutdown.c (revision 91c878a6935c5c2e99866eb267e5bc3028bf6d2f) 
1 /*-
2  * Copyright (c) 1986, 1988, 1991, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  * (c) UNIX System Laboratories, Inc.
5  * All or some portions of this file are derived from material licensed
6  * to the University of California by American Telephone and Telegraph
7  * Co. or Unix System Laboratories, Inc. and are reproduced herein with
8  * the permission of UNIX System Laboratories, Inc.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 4. Neither the name of the University nor the names of its contributors
19  *    may be used to endorse or promote products derived from this software
20  *    without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32  * SUCH DAMAGE.
33  *
34  *	@(#)kern_shutdown.c	8.3 (Berkeley) 1/21/94
35  */
36 
37 #include <sys/cdefs.h>
38 __FBSDID("$FreeBSD$");
39 
40 #include "opt_kdb.h"
41 #include "opt_mac.h"
42 #include "opt_panic.h"
43 #include "opt_show_busybufs.h"
44 #include "opt_sched.h"
45 
46 #include <sys/param.h>
47 #include <sys/systm.h>
48 #include <sys/bio.h>
49 #include <sys/buf.h>
50 #include <sys/conf.h>
51 #include <sys/cons.h>
52 #include <sys/eventhandler.h>
53 #include <sys/kdb.h>
54 #include <sys/kernel.h>
55 #include <sys/kthread.h>
56 #include <sys/malloc.h>
57 #include <sys/mount.h>
58 #include <sys/proc.h>
59 #include <sys/reboot.h>
60 #include <sys/resourcevar.h>
61 #include <sys/sched.h>
62 #include <sys/smp.h>		/* smp_active */
63 #include <sys/sysctl.h>
64 #include <sys/sysproto.h>
65 
66 #include <machine/cpu.h>
67 #include <machine/pcb.h>
68 #include <machine/smp.h>
69 
70 #include <security/mac/mac_framework.h>
71 
72 #include <vm/vm.h>
73 #include <vm/vm_object.h>
74 #include <vm/vm_page.h>
75 #include <vm/vm_pager.h>
76 #include <vm/swap_pager.h>
77 
78 #include <sys/signalvar.h>
79 
80 #ifndef PANIC_REBOOT_WAIT_TIME
81 #define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */
82 #endif
83 
84 /*
85  * Note that stdarg.h and the ANSI style va_start macro is used for both
86  * ANSI and traditional C compilers.
87  */
88 #include <machine/stdarg.h>
89 
90 #ifdef KDB
91 #ifdef KDB_UNATTENDED
92 int debugger_on_panic = 0;
93 #else
94 int debugger_on_panic = 1;
95 #endif
96 SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic, CTLFLAG_RW,
97 	&debugger_on_panic, 0, "Run debugger on kernel panic");
98 
99 #ifdef KDB_TRACE
100 int trace_on_panic = 1;
101 #else
102 int trace_on_panic = 0;
103 #endif
104 SYSCTL_INT(_debug, OID_AUTO, trace_on_panic, CTLFLAG_RW,
105 	&trace_on_panic, 0, "Print stack trace on kernel panic");
106 #endif /* KDB */
107 
108 int sync_on_panic = 0;
109 SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RW,
110 	&sync_on_panic, 0, "Do a sync before rebooting from a panic");
111 
112 SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0, "Shutdown environment");
113 
114 /*
115  * Variable panicstr contains argument to first call to panic; used as flag
116  * to indicate that the kernel has already called panic.
117  */
118 const char *panicstr;
119 
120 int dumping;				/* system is dumping */
121 int rebooting;				/* system is rebooting */
122 static struct dumperinfo dumper;	/* our selected dumper */
123 
124 /* Context information for dump-debuggers. */
125 static struct pcb dumppcb;		/* Registers. */
126 static lwpid_t dumptid;			/* Thread ID. */
127 
128 static void boot(int) __dead2;
129 static void poweroff_wait(void *, int);
130 static void shutdown_halt(void *junk, int howto);
131 static void shutdown_panic(void *junk, int howto);
132 static void shutdown_reset(void *junk, int howto);
133 
134 /* register various local shutdown events */
135 static void
136 shutdown_conf(void *unused)
137 {
138 
139 	EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL,
140 	    SHUTDOWN_PRI_FIRST);
141 	EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL,
142 	    SHUTDOWN_PRI_LAST + 100);
143 	EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL,
144 	    SHUTDOWN_PRI_LAST + 100);
145 	EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL,
146 	    SHUTDOWN_PRI_LAST + 200);
147 }
148 
149 SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL)
150 
151 /*
152  * The system call that results in a reboot
153  *
154  * MPSAFE
155  */
156 /* ARGSUSED */
157 int
158 reboot(struct thread *td, struct reboot_args *uap)
159 {
160 	int error;
161 
162 	error = 0;
163 #ifdef MAC
164 	error = mac_check_system_reboot(td->td_ucred, uap->opt);
165 #endif
166 	if (error == 0)
167 		error = suser(td);
168 	if (error == 0) {
169 		mtx_lock(&Giant);
170 		boot(uap->opt);
171 		mtx_unlock(&Giant);
172 	}
173 	return (error);
174 }
175 
176 /*
177  * Called by events that want to shut down.. e.g  <CTL><ALT><DEL> on a PC
178  */
179 static int shutdown_howto = 0;
180 
181 void
182 shutdown_nice(int howto)
183 {
184 
185 	shutdown_howto = howto;
186 
187 	/* Send a signal to init(8) and have it shutdown the world */
188 	if (initproc != NULL) {
189 		PROC_LOCK(initproc);
190 		psignal(initproc, SIGINT);
191 		PROC_UNLOCK(initproc);
192 	} else {
193 		/* No init(8) running, so simply reboot */
194 		boot(RB_NOSYNC);
195 	}
196 	return;
197 }
198 static int	waittime = -1;
199 
200 static void
201 print_uptime(void)
202 {
203 	int f;
204 	struct timespec ts;
205 
206 	getnanouptime(&ts);
207 	printf("Uptime: ");
208 	f = 0;
209 	if (ts.tv_sec >= 86400) {
210 		printf("%ldd", (long)ts.tv_sec / 86400);
211 		ts.tv_sec %= 86400;
212 		f = 1;
213 	}
214 	if (f || ts.tv_sec >= 3600) {
215 		printf("%ldh", (long)ts.tv_sec / 3600);
216 		ts.tv_sec %= 3600;
217 		f = 1;
218 	}
219 	if (f || ts.tv_sec >= 60) {
220 		printf("%ldm", (long)ts.tv_sec / 60);
221 		ts.tv_sec %= 60;
222 		f = 1;
223 	}
224 	printf("%lds\n", (long)ts.tv_sec);
225 }
226 
227 static void
228 doadump(void)
229 {
230 
231 	/*
232 	 * Sometimes people have to call this from the kernel debugger.
233 	 * (if 'panic' can not dump)
234 	 * Give them a clue as to why they can't dump.
235 	 */
236 	if (dumper.dumper == NULL) {
237 		printf("Cannot dump. No dump device defined.\n");
238 		return;
239 	}
240 
241 	savectx(&dumppcb);
242 	dumptid = curthread->td_tid;
243 	dumping++;
244 	dumpsys(&dumper);
245 }
246 
247 static int
248 isbufbusy(struct buf *bp)
249 {
250 	if (((bp->b_flags & (B_INVAL | B_PERSISTENT)) == 0 &&
251 	    BUF_REFCNT(bp) > 0) ||
252 	    ((bp->b_flags & (B_DELWRI | B_INVAL)) == B_DELWRI))
253 		return (1);
254 	return (0);
255 }
256 
257 /*
258  * Shutdown the system cleanly to prepare for reboot, halt, or power off.
259  */
260 static void
261 boot(int howto)
262 {
263 	static int first_buf_printf = 1;
264 
265 #if defined(SMP)
266 	/*
267 	 * Bind us to CPU 0 so that all shutdown code runs there.  Some
268 	 * systems don't shutdown properly (i.e., ACPI power off) if we
269 	 * run on another processor.
270 	 */
271 	mtx_lock_spin(&sched_lock);
272 	sched_bind(curthread, 0);
273 	mtx_unlock_spin(&sched_lock);
274 	KASSERT(PCPU_GET(cpuid) == 0, ("boot: not running on cpu 0"));
275 #endif
276 	/* We're in the process of rebooting. */
277 	rebooting = 1;
278 
279 	/* collect extra flags that shutdown_nice might have set */
280 	howto |= shutdown_howto;
281 
282 	/* We are out of the debugger now. */
283 	kdb_active = 0;
284 
285 	/*
286 	 * Do any callouts that should be done BEFORE syncing the filesystems.
287 	 */
288 	EVENTHANDLER_INVOKE(shutdown_pre_sync, howto);
289 
290 	/*
291 	 * Now sync filesystems
292 	 */
293 	if (!cold && (howto & RB_NOSYNC) == 0 && waittime < 0) {
294 		register struct buf *bp;
295 		int iter, nbusy, pbusy;
296 #ifndef PREEMPTION
297 		int subiter;
298 #endif
299 
300 		waittime = 0;
301 
302 		sync(curthread, NULL);
303 
304 		/*
305 		 * With soft updates, some buffers that are
306 		 * written will be remarked as dirty until other
307 		 * buffers are written.
308 		 */
309 		for (iter = pbusy = 0; iter < 20; iter++) {
310 			nbusy = 0;
311 			for (bp = &buf[nbuf]; --bp >= buf; )
312 				if (isbufbusy(bp))
313 					nbusy++;
314 			if (nbusy == 0) {
315 				if (first_buf_printf)
316 					printf("All buffers synced.");
317 				break;
318 			}
319 			if (first_buf_printf) {
320 				printf("Syncing disks, buffers remaining... ");
321 				first_buf_printf = 0;
322 			}
323 			printf("%d ", nbusy);
324 			if (nbusy < pbusy)
325 				iter = 0;
326 			pbusy = nbusy;
327 			sync(curthread, NULL);
328 
329 #ifdef PREEMPTION
330 			/*
331 			 * Drop Giant and spin for a while to allow
332 			 * interrupt threads to run.
333 			 */
334 			DROP_GIANT();
335 			DELAY(50000 * iter);
336 			PICKUP_GIANT();
337 #else
338 			/*
339 			 * Drop Giant and context switch several times to
340 			 * allow interrupt threads to run.
341 			 */
342 			DROP_GIANT();
343 			for (subiter = 0; subiter < 50 * iter; subiter++) {
344 				mtx_lock_spin(&sched_lock);
345 				mi_switch(SW_VOL, NULL);
346 				mtx_unlock_spin(&sched_lock);
347 				DELAY(1000);
348 			}
349 			PICKUP_GIANT();
350 #endif
351 		}
352 		printf("\n");
353 		/*
354 		 * Count only busy local buffers to prevent forcing
355 		 * a fsck if we're just a client of a wedged NFS server
356 		 */
357 		nbusy = 0;
358 		for (bp = &buf[nbuf]; --bp >= buf; ) {
359 			if (isbufbusy(bp)) {
360 #if 0
361 /* XXX: This is bogus.  We should probably have a BO_REMOTE flag instead */
362 				if (bp->b_dev == NULL) {
363 					TAILQ_REMOVE(&mountlist,
364 					    bp->b_vp->v_mount, mnt_list);
365 					continue;
366 				}
367 #endif
368 				nbusy++;
369 #if defined(SHOW_BUSYBUFS) || defined(DIAGNOSTIC)
370 				printf(
371 			    "%d: bufobj:%p, flags:%0x, blkno:%ld, lblkno:%ld\n",
372 				    nbusy, bp->b_bufobj,
373 				    bp->b_flags, (long)bp->b_blkno,
374 				    (long)bp->b_lblkno);
375 #endif
376 			}
377 		}
378 		if (nbusy) {
379 			/*
380 			 * Failed to sync all blocks. Indicate this and don't
381 			 * unmount filesystems (thus forcing an fsck on reboot).
382 			 */
383 			printf("Giving up on %d buffers\n", nbusy);
384 			DELAY(5000000);	/* 5 seconds */
385 		} else {
386 			if (!first_buf_printf)
387 				printf("Final sync complete\n");
388 			/*
389 			 * Unmount filesystems
390 			 */
391 			if (panicstr == 0)
392 				vfs_unmountall();
393 		}
394 		swapoff_all();
395 		DELAY(100000);		/* wait for console output to finish */
396 	}
397 
398 	print_uptime();
399 
400 	/*
401 	 * Ok, now do things that assume all filesystem activity has
402 	 * been completed.
403 	 */
404 	EVENTHANDLER_INVOKE(shutdown_post_sync, howto);
405 
406 	/* XXX This doesn't disable interrupts any more.  Reconsider? */
407 	splhigh();
408 
409 	if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping)
410 		doadump();
411 
412 	/* Now that we're going to really halt the system... */
413 	EVENTHANDLER_INVOKE(shutdown_final, howto);
414 
415 	for(;;) ;	/* safety against shutdown_reset not working */
416 	/* NOTREACHED */
417 }
418 
419 /*
420  * If the shutdown was a clean halt, behave accordingly.
421  */
422 static void
423 shutdown_halt(void *junk, int howto)
424 {
425 
426 	if (howto & RB_HALT) {
427 		printf("\n");
428 		printf("The operating system has halted.\n");
429 		printf("Please press any key to reboot.\n\n");
430 		switch (cngetc()) {
431 		case -1:		/* No console, just die */
432 			cpu_halt();
433 			/* NOTREACHED */
434 		default:
435 			howto &= ~RB_HALT;
436 			break;
437 		}
438 	}
439 }
440 
441 /*
442  * Check to see if the system paniced, pause and then reboot
443  * according to the specified delay.
444  */
445 static void
446 shutdown_panic(void *junk, int howto)
447 {
448 	int loop;
449 
450 	if (howto & RB_DUMP) {
451 		if (PANIC_REBOOT_WAIT_TIME != 0) {
452 			if (PANIC_REBOOT_WAIT_TIME != -1) {
453 				printf("Automatic reboot in %d seconds - "
454 				       "press a key on the console to abort\n",
455 					PANIC_REBOOT_WAIT_TIME);
456 				for (loop = PANIC_REBOOT_WAIT_TIME * 10;
457 				     loop > 0; --loop) {
458 					DELAY(1000 * 100); /* 1/10th second */
459 					/* Did user type a key? */
460 					if (cncheckc() != -1)
461 						break;
462 				}
463 				if (!loop)
464 					return;
465 			}
466 		} else { /* zero time specified - reboot NOW */
467 			return;
468 		}
469 		printf("--> Press a key on the console to reboot,\n");
470 		printf("--> or switch off the system now.\n");
471 		cngetc();
472 	}
473 }
474 
475 /*
476  * Everything done, now reset
477  */
478 static void
479 shutdown_reset(void *junk, int howto)
480 {
481 
482 	printf("Rebooting...\n");
483 	DELAY(1000000);	/* wait 1 sec for printf's to complete and be read */
484 	/* cpu_boot(howto); */ /* doesn't do anything at the moment */
485 	cpu_reset();
486 	/* NOTREACHED */ /* assuming reset worked */
487 }
488 
489 #ifdef SMP
490 static u_int panic_cpu = NOCPU;
491 #endif
492 
493 /*
494  * Panic is called on unresolvable fatal errors.  It prints "panic: mesg",
495  * and then reboots.  If we are called twice, then we avoid trying to sync
496  * the disks as this often leads to recursive panics.
497  *
498  * MPSAFE
499  */
500 void
501 panic(const char *fmt, ...)
502 {
503 	struct thread *td = curthread;
504 	int bootopt, newpanic;
505 	va_list ap;
506 	static char buf[256];
507 
508 #ifdef SMP
509 	/*
510 	 * We don't want multiple CPU's to panic at the same time, so we
511 	 * use panic_cpu as a simple spinlock.  We have to keep checking
512 	 * panic_cpu if we are spinning in case the panic on the first
513 	 * CPU is canceled.
514 	 */
515 	if (panic_cpu != PCPU_GET(cpuid))
516 		while (atomic_cmpset_int(&panic_cpu, NOCPU,
517 		    PCPU_GET(cpuid)) == 0)
518 			while (panic_cpu != NOCPU)
519 				; /* nothing */
520 #endif
521 
522 	bootopt = RB_AUTOBOOT | RB_DUMP;
523 	newpanic = 0;
524 	if (panicstr)
525 		bootopt |= RB_NOSYNC;
526 	else {
527 		panicstr = fmt;
528 		newpanic = 1;
529 	}
530 
531 	va_start(ap, fmt);
532 	if (newpanic) {
533 		(void)vsnprintf(buf, sizeof(buf), fmt, ap);
534 		panicstr = buf;
535 		printf("panic: %s\n", buf);
536 	} else {
537 		printf("panic: ");
538 		vprintf(fmt, ap);
539 		printf("\n");
540 	}
541 	va_end(ap);
542 #ifdef SMP
543 	printf("cpuid = %d\n", PCPU_GET(cpuid));
544 #endif
545 
546 #ifdef KDB
547 	if (newpanic && trace_on_panic)
548 		kdb_backtrace();
549 	if (debugger_on_panic)
550 		kdb_enter("panic");
551 #ifdef RESTARTABLE_PANICS
552 	/* See if the user aborted the panic, in which case we continue. */
553 	if (panicstr == NULL) {
554 #ifdef SMP
555 		atomic_store_rel_int(&panic_cpu, NOCPU);
556 #endif
557 		return;
558 	}
559 #endif
560 #endif
561 	mtx_lock_spin(&sched_lock);
562 	td->td_flags |= TDF_INPANIC;
563 	mtx_unlock_spin(&sched_lock);
564 	if (!sync_on_panic)
565 		bootopt |= RB_NOSYNC;
566 	boot(bootopt);
567 }
568 
569 /*
570  * Support for poweroff delay.
571  */
572 #ifndef POWEROFF_DELAY
573 # define POWEROFF_DELAY 5000
574 #endif
575 static int poweroff_delay = POWEROFF_DELAY;
576 
577 SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW,
578 	&poweroff_delay, 0, "");
579 
580 static void
581 poweroff_wait(void *junk, int howto)
582 {
583 
584 	if (!(howto & RB_POWEROFF) || poweroff_delay <= 0)
585 		return;
586 	DELAY(poweroff_delay * 1000);
587 }
588 
589 /*
590  * Some system processes (e.g. syncer) need to be stopped at appropriate
591  * points in their main loops prior to a system shutdown, so that they
592  * won't interfere with the shutdown process (e.g. by holding a disk buf
593  * to cause sync to fail).  For each of these system processes, register
594  * shutdown_kproc() as a handler for one of shutdown events.
595  */
596 static int kproc_shutdown_wait = 60;
597 SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW,
598     &kproc_shutdown_wait, 0, "");
599 
600 void
601 kproc_shutdown(void *arg, int howto)
602 {
603 	struct proc *p;
604 	char procname[MAXCOMLEN + 1];
605 	int error;
606 
607 	if (panicstr)
608 		return;
609 
610 	p = (struct proc *)arg;
611 	strlcpy(procname, p->p_comm, sizeof(procname));
612 	printf("Waiting (max %d seconds) for system process `%s' to stop...",
613 	    kproc_shutdown_wait, procname);
614 	error = kthread_suspend(p, kproc_shutdown_wait * hz);
615 
616 	if (error == EWOULDBLOCK)
617 		printf("timed out\n");
618 	else
619 		printf("done\n");
620 }
621 
622 /* Registration of dumpers */
623 int
624 set_dumper(struct dumperinfo *di)
625 {
626 
627 	if (di == NULL) {
628 		bzero(&dumper, sizeof dumper);
629 		return (0);
630 	}
631 	if (dumper.dumper != NULL)
632 		return (EBUSY);
633 	dumper = *di;
634 	return (0);
635 }
636 
637 #if defined(__powerpc__)
638 void
639 dumpsys(struct dumperinfo *di __unused)
640 {
641 
642 	printf("Kernel dumps not implemented on this architecture\n");
643 }
644 #endif
645