/*-
 * Copyright (c) 1986, 1988, 1991, 1993
 *      The Regents of the University of California.  All rights reserved.
 * (c) UNIX System Laboratories, Inc.
 * All or some portions of this file are derived from material licensed
 * to the University of California by American Telephone and Telegraph
 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
 * the permission of UNIX System Laboratories, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)kern_shutdown.c     8.3 (Berkeley) 1/21/94
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_ddb.h"
#include "opt_kdb.h"
#include "opt_panic.h"
#include "opt_sched.h"
#include "opt_watchdog.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/bio.h>
#include <sys/buf.h>
#include <sys/conf.h>
#include <sys/cons.h>
#include <sys/eventhandler.h>
#include <sys/jail.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/kerneldump.h>
#include <sys/kthread.h>
#include <sys/ktr.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/reboot.h>
#include <sys/resourcevar.h>
#include <sys/sched.h>
#include <sys/smp.h>
#include <sys/sysctl.h>
#include <sys/sysproto.h>
#include <sys/vnode.h>
#include <sys/watchdog.h>

#include <ddb/ddb.h>

#include <machine/cpu.h>
#include <machine/pcb.h>
#include <machine/smp.h>

#include <security/mac/mac_framework.h>

#include <vm/vm.h>
#include <vm/vm_object.h>
#include <vm/vm_page.h>
#include <vm/vm_pager.h>
#include <vm/swap_pager.h>

#include <sys/signalvar.h>

#ifndef PANIC_REBOOT_WAIT_TIME
#define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */
#endif
/*
 * Note that stdarg.h and the ANSI-style va_start macro are used for both
 * ANSI and traditional C compilers.
 */
#include <machine/stdarg.h>

#ifdef KDB
#ifdef KDB_UNATTENDED
int debugger_on_panic = 0;
#else
int debugger_on_panic = 1;
#endif
SYSCTL_INT(_debug, OID_AUTO, debugger_on_panic,
    CTLFLAG_RW | CTLFLAG_SECURE | CTLFLAG_TUN,
    &debugger_on_panic, 0, "Run debugger on kernel panic");
TUNABLE_INT("debug.debugger_on_panic", &debugger_on_panic);

#ifdef KDB_TRACE
static int trace_on_panic = 1;
#else
static int trace_on_panic = 0;
#endif
SYSCTL_INT(_debug, OID_AUTO, trace_on_panic,
    CTLFLAG_RW | CTLFLAG_SECURE | CTLFLAG_TUN,
    &trace_on_panic, 0, "Print stack trace on kernel panic");
TUNABLE_INT("debug.trace_on_panic", &trace_on_panic);
#endif /* KDB */

static int sync_on_panic = 0;
SYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RW | CTLFLAG_TUN,
    &sync_on_panic, 0, "Do a sync before rebooting from a panic");
TUNABLE_INT("kern.sync_on_panic", &sync_on_panic);

static SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0,
    "Shutdown environment");

#ifndef DIAGNOSTIC
static int show_busybufs;
#else
static int show_busybufs = 1;
#endif
SYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW,
    &show_busybufs, 0, "");

/*
 * Variable panicstr contains argument to first call to panic; used as flag
 * to indicate that the kernel has already called panic.
 */
const char *panicstr;

int dumping;                            /* system is dumping */
int rebooting;                          /* system is rebooting */
static struct dumperinfo dumper;        /* our selected dumper */

/* Context information for dump-debuggers. */
static struct pcb dumppcb;              /* Registers. */
lwpid_t dumptid;                        /* Thread ID. */

static void poweroff_wait(void *, int);
static void shutdown_halt(void *junk, int howto);
static void shutdown_panic(void *junk, int howto);
static void shutdown_reset(void *junk, int howto);
static void vpanic(const char *fmt, va_list ap) __dead2;

/* register various local shutdown events */
static void
shutdown_conf(void *unused)
{

        EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL,
            SHUTDOWN_PRI_FIRST);
        EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL,
            SHUTDOWN_PRI_LAST + 100);
        EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL,
            SHUTDOWN_PRI_LAST + 100);
        EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL,
            SHUTDOWN_PRI_LAST + 200);
}

SYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL);

/*
 * The system call that results in a reboot.
 */
/* ARGSUSED */
int
sys_reboot(struct thread *td, struct reboot_args *uap)
{
        int error;

        error = 0;
#ifdef MAC
        error = mac_system_check_reboot(td->td_ucred, uap->opt);
#endif
        if (error == 0)
                error = priv_check(td, PRIV_REBOOT);
        if (error == 0) {
                mtx_lock(&Giant);
                kern_reboot(uap->opt);
                mtx_unlock(&Giant);
        }
        return (error);
}

/*
 * Called by events that want to shut down, e.g. <CTL><ALT><DEL> on a PC.
 */
static int shutdown_howto = 0;

void
shutdown_nice(int howto)
{

        shutdown_howto = howto;

        /* Send a signal to init(8) and have it shutdown the world */
        if (initproc != NULL) {
                PROC_LOCK(initproc);
                kern_psignal(initproc, SIGINT);
                PROC_UNLOCK(initproc);
        } else {
                /* No init(8) running, so simply reboot */
                kern_reboot(RB_NOSYNC);
        }
        return;
}
static int waittime = -1;

static void
print_uptime(void)
{
        int f;
        struct timespec ts;

        getnanouptime(&ts);
        printf("Uptime: ");
        f = 0;
        if (ts.tv_sec >= 86400) {
                printf("%ldd", (long)ts.tv_sec / 86400);
                ts.tv_sec %= 86400;
                f = 1;
        }
        if (f || ts.tv_sec >= 3600) {
                printf("%ldh", (long)ts.tv_sec / 3600);
                ts.tv_sec %= 3600;
                f = 1;
        }
        if (f || ts.tv_sec >= 60) {
                printf("%ldm", (long)ts.tv_sec / 60);
                ts.tv_sec %= 60;
                f = 1;
        }
        printf("%lds\n", (long)ts.tv_sec);
}

int
doadump(boolean_t textdump)
{
        boolean_t coredump;

        if (dumping)
                return (EBUSY);
        if (dumper.dumper == NULL)
                return (ENXIO);

        savectx(&dumppcb);
        dumptid = curthread->td_tid;
        dumping++;

        coredump = TRUE;
#ifdef DDB
        if (textdump && textdump_pending) {
                coredump = FALSE;
                textdump_dumpsys(&dumper);
        }
#endif
        if (coredump)
                dumpsys(&dumper);

        dumping--;
        return (0);
}

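/*
 * A buffer counts as busy, and therefore still holds up the final sync, if
 * it is locked and not marked invalid/persistent, or if it still has a
 * delayed write pending.
 */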
static int
isbufbusy(struct buf *bp)
{
        if (((bp->b_flags & (B_INVAL | B_PERSISTENT)) == 0 &&
            BUF_ISLOCKED(bp)) ||
            ((bp->b_flags & (B_DELWRI | B_INVAL)) == B_DELWRI))
                return (1);
        return (0);
}

/*
 * Shutdown the system cleanly to prepare for reboot, halt, or power off.
 */
void
kern_reboot(int howto)
{
        static int first_buf_printf = 1;

#if defined(SMP)
        /*
         * Bind us to CPU 0 so that all shutdown code runs there.  Some
         * systems don't shutdown properly (i.e., ACPI power off) if we
         * run on another processor.
         */
        if (!SCHEDULER_STOPPED()) {
                thread_lock(curthread);
                sched_bind(curthread, 0);
                thread_unlock(curthread);
                KASSERT(PCPU_GET(cpuid) == 0, ("boot: not running on cpu 0"));
        }
#endif
        /* We're in the process of rebooting. */
        rebooting = 1;

        /* collect extra flags that shutdown_nice might have set */
        howto |= shutdown_howto;

        /* We are out of the debugger now. */
        kdb_active = 0;

        /*
         * Do any callouts that should be done BEFORE syncing the filesystems.
         */
        EVENTHANDLER_INVOKE(shutdown_pre_sync, howto);

        /*
         * Now sync filesystems
         */
        if (!cold && (howto & RB_NOSYNC) == 0 && waittime < 0) {
                register struct buf *bp;
                int iter, nbusy, pbusy;
#ifndef PREEMPTION
                int subiter;
#endif

                waittime = 0;

                wdog_kern_pat(WD_LASTVAL);
                sys_sync(curthread, NULL);

                /*
                 * With soft updates, some buffers that are
                 * written will be remarked as dirty until other
                 * buffers are written.
                 */
                for (iter = pbusy = 0; iter < 20; iter++) {
                        nbusy = 0;
                        for (bp = &buf[nbuf]; --bp >= buf; )
                                if (isbufbusy(bp))
                                        nbusy++;
                        if (nbusy == 0) {
                                if (first_buf_printf)
                                        printf("All buffers synced.");
                                break;
                        }
                        if (first_buf_printf) {
                                printf("Syncing disks, buffers remaining... ");
                                first_buf_printf = 0;
                        }
                        printf("%d ", nbusy);
                        if (nbusy < pbusy)
                                iter = 0;
                        pbusy = nbusy;

                        wdog_kern_pat(WD_LASTVAL);
                        sys_sync(curthread, NULL);

#ifdef PREEMPTION
                        /*
                         * Drop Giant and spin for a while to allow
                         * interrupt threads to run.
                         */
                        DROP_GIANT();
                        DELAY(50000 * iter);
                        PICKUP_GIANT();
#else
                        /*
                         * Drop Giant and context switch several times to
                         * allow interrupt threads to run.
                         */
                        DROP_GIANT();
                        for (subiter = 0; subiter < 50 * iter; subiter++) {
                                thread_lock(curthread);
                                mi_switch(SW_VOL, NULL);
                                thread_unlock(curthread);
                                DELAY(1000);
                        }
                        PICKUP_GIANT();
#endif
                }
                printf("\n");
                /*
                 * Count only busy local buffers to prevent forcing
                 * a fsck if we're just a client of a wedged NFS server
                 */
                nbusy = 0;
                for (bp = &buf[nbuf]; --bp >= buf; ) {
                        if (isbufbusy(bp)) {
#if 0
                                /* XXX: This is bogus. We should probably have a BO_REMOTE flag instead */
                                if (bp->b_dev == NULL) {
                                        TAILQ_REMOVE(&mountlist,
                                            bp->b_vp->v_mount, mnt_list);
                                        continue;
                                }
#endif
                                nbusy++;
                                if (show_busybufs > 0) {
                                        printf(
                    "%d: buf:%p, vnode:%p, flags:%0x, blkno:%jd, lblkno:%jd, buflock:",
                                            nbusy, bp, bp->b_vp, bp->b_flags,
                                            (intmax_t)bp->b_blkno,
                                            (intmax_t)bp->b_lblkno);
                                        BUF_LOCKPRINTINFO(bp);
                                        if (show_busybufs > 1)
                                                vn_printf(bp->b_vp,
                                                    "vnode content: ");
                                }
                        }
                }
                if (nbusy) {
                        /*
                         * Failed to sync all blocks. Indicate this and don't
                         * unmount filesystems (thus forcing an fsck on reboot).
                         */
                        printf("Giving up on %d buffers\n", nbusy);
                        DELAY(5000000); /* 5 seconds */
                } else {
                        if (!first_buf_printf)
                                printf("Final sync complete\n");
                        /*
                         * Unmount filesystems
                         */
                        if (panicstr == 0)
                                vfs_unmountall();
                }
                swapoff_all();
                DELAY(100000);          /* wait for console output to finish */
        }

        print_uptime();

        cngrab();

        /*
         * Ok, now do things that assume all filesystem activity has
         * been completed.
         */
        EVENTHANDLER_INVOKE(shutdown_post_sync, howto);

        if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping)
                doadump(TRUE);

        /* Now that we're going to really halt the system... */
        EVENTHANDLER_INVOKE(shutdown_final, howto);

        for(;;) ;       /* safety against shutdown_reset not working */
        /* NOTREACHED */
}

/*
 * If the shutdown was a clean halt, behave accordingly.
 */
static void
shutdown_halt(void *junk, int howto)
{

        if (howto & RB_HALT) {
                printf("\n");
                printf("The operating system has halted.\n");
                printf("Please press any key to reboot.\n\n");
                switch (cngetc()) {
                case -1:                /* No console, just die */
                        cpu_halt();
                        /* NOTREACHED */
                default:
                        howto &= ~RB_HALT;
                        break;
                }
        }
}

/*
 * Check to see if the system paniced, pause and then reboot
 * according to the specified delay.
 */
static void
shutdown_panic(void *junk, int howto)
{
        int loop;

        if (howto & RB_DUMP) {
                if (PANIC_REBOOT_WAIT_TIME != 0) {
                        if (PANIC_REBOOT_WAIT_TIME != -1) {
                                printf("Automatic reboot in %d seconds - "
                                    "press a key on the console to abort\n",
                                    PANIC_REBOOT_WAIT_TIME);
                                for (loop = PANIC_REBOOT_WAIT_TIME * 10;
                                    loop > 0; --loop) {
                                        DELAY(1000 * 100); /* 1/10th second */
                                        /* Did user type a key? */
                                        if (cncheckc() != -1)
                                                break;
                                }
                                if (!loop)
                                        return;
                        }
                } else {        /* zero time specified - reboot NOW */
                        return;
                }
                printf("--> Press a key on the console to reboot,\n");
                printf("--> or switch off the system now.\n");
                cngetc();
        }
}

/*
 * Everything done, now reset
 */
static void
shutdown_reset(void *junk, int howto)
{

        printf("Rebooting...\n");
        DELAY(1000000); /* wait 1 sec for printf's to complete and be read */

        /*
         * Acquiring smp_ipi_mtx here has a double effect:
         * - it disables interrupts avoiding CPU0 preemption
         *   by fast handlers (thus deadlocking against other CPUs)
         * - it avoids deadlocks against smp_rendezvous() or, more
         *   generally, threads busy-waiting, with this spinlock held,
         *   and waiting for responses by threads on other CPUs
         *   (ie. smp_tlb_shootdown()).
         *
         * For the !SMP case it just needs to handle the former problem.
         */
#ifdef SMP
        mtx_lock_spin(&smp_ipi_mtx);
#else
        spinlock_enter();
#endif

        /* cpu_boot(howto); */ /* doesn't do anything at the moment */
        cpu_reset();
        /* NOTREACHED */ /* assuming reset worked */
}

#if defined(WITNESS) || defined(INVARIANTS)
static int kassert_warn_only = 0;
#ifdef KDB
static int kassert_do_kdb = 0;
#endif
#ifdef KTR
static int kassert_do_ktr = 0;
#endif
static int kassert_do_log = 1;
static int kassert_log_pps_limit = 4;
static int kassert_log_mute_at = 0;
static int kassert_log_panic_at = 0;
static int kassert_warnings = 0;

SYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options");

SYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_warn_only, 0,
    "KASSERT triggers a panic (1) or just a warning (0)");
TUNABLE_INT("debug.kassert.warn_only", &kassert_warn_only);

#ifdef KDB
SYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_do_kdb, 0, "KASSERT will enter the debugger");
TUNABLE_INT("debug.kassert.do_kdb", &kassert_do_kdb);
#endif

#ifdef KTR
SYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_do_ktr, 0,
    "KASSERT does a KTR, set this to the KTRMASK you want");
TUNABLE_INT("debug.kassert.do_ktr", &kassert_do_ktr);
#endif

SYSCTL_INT(_debug_kassert, OID_AUTO, do_log, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_do_log, 0, "KASSERT failure is logged via printf (1) or not (0)");
TUNABLE_INT("debug.kassert.do_log", &kassert_do_log);

SYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_warnings, 0, "number of KASSERTs that have been triggered");
TUNABLE_INT("debug.kassert.warnings", &kassert_warnings);

SYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic");
TUNABLE_INT("debug.kassert.log_panic_at", &kassert_log_panic_at);

SYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_log_pps_limit, 0, "limit number of log messages per second");
TUNABLE_INT("debug.kassert.log_pps_limit", &kassert_log_pps_limit);

SYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, CTLFLAG_RW | CTLFLAG_TUN,
    &kassert_log_mute_at, 0, "max number of KASSERTS to log");
TUNABLE_INT("debug.kassert.log_mute_at", &kassert_log_mute_at);

static int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS);

SYSCTL_PROC(_debug_kassert, OID_AUTO, kassert,
    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
    kassert_sysctl_kassert, "I", "set to trigger a test kassert");

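/*
 * Handler for debug.kassert.kassert: writing any value fires a test KASSERT
 * so the settings above can be exercised.
 */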
static int
kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS)
{
        int error, i;

        error = sysctl_wire_old_buffer(req, sizeof(int));
        if (error == 0) {
                i = 0;
                error = sysctl_handle_int(oidp, &i, 0, req);
        }
        if (error != 0 || req->newptr == NULL)
                return (error);
        KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i));
        return (0);
}

/*
 * Called by KASSERT, this decides if we will panic
 * or if we will log via printf and/or ktr.
 */
void
kassert_panic(const char *fmt, ...)
{
        static char buf[256];
        va_list ap;

        va_start(ap, fmt);
        (void)vsnprintf(buf, sizeof(buf), fmt, ap);
        va_end(ap);

        /*
         * panic if we're not just warning, or if we've exceeded
         * kassert_log_panic_at warnings.
         */
        if (!kassert_warn_only ||
            (kassert_log_panic_at > 0 &&
             kassert_warnings >= kassert_log_panic_at)) {
                va_start(ap, fmt);
                vpanic(fmt, ap);
                /* NORETURN */
        }
#ifdef KTR
        if (kassert_do_ktr)
                CTR0(ktr_mask, buf);
#endif /* KTR */
        /*
         * log if we've not yet met the mute limit.
         */
        if (kassert_do_log &&
            (kassert_log_mute_at == 0 ||
             kassert_warnings < kassert_log_mute_at)) {
                static struct timeval lasterr;
                static int curerr;

                if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) {
                        printf("KASSERT failed: %s\n", buf);
                        kdb_backtrace();
                }
        }
#ifdef KDB
        if (kassert_do_kdb) {
                kdb_enter(KDB_WHY_KASSERT, buf);
        }
#endif
        atomic_add_int(&kassert_warnings, 1);
}
#endif

/*
 * Panic is called on unresolvable fatal errors.  It prints "panic: mesg",
 * and then reboots.  If we are called twice, then we avoid trying to sync
 * the disks as this often leads to recursive panics.
 */
void
panic(const char *fmt, ...)
{
        va_list ap;

        va_start(ap, fmt);
        vpanic(fmt, ap);
}

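/*
 * Common worker behind panic() and kassert_panic(): records the panic
 * string, stops the other CPUs (on SMP), optionally prints a backtrace
 * and/or enters the debugger, and finally calls kern_reboot(), requesting
 * a dump on the first panic.
 */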
static void
vpanic(const char *fmt, va_list ap)
{
#ifdef SMP
        cpuset_t other_cpus;
#endif
        struct thread *td = curthread;
        int bootopt, newpanic;
        static char buf[256];

        spinlock_enter();

#ifdef SMP
        /*
         * stop_cpus_hard(other_cpus) should prevent multiple CPUs from
         * concurrently entering panic.  Only the winner will proceed
         * further.
         */
        if (panicstr == NULL && !kdb_active) {
                other_cpus = all_cpus;
                CPU_CLR(PCPU_GET(cpuid), &other_cpus);
                stop_cpus_hard(other_cpus);
        }

        /*
         * We set stop_scheduler here and not in the block above,
         * because we want to ensure that if panic has been called and
         * stop_scheduler_on_panic is true, then stop_scheduler will
         * always be set.  Even if panic has been entered from kdb.
         */
        td->td_stopsched = 1;
#endif

        bootopt = RB_AUTOBOOT;
        newpanic = 0;
        if (panicstr)
                bootopt |= RB_NOSYNC;
        else {
                bootopt |= RB_DUMP;
                panicstr = fmt;
                newpanic = 1;
        }

        if (newpanic) {
                (void)vsnprintf(buf, sizeof(buf), fmt, ap);
                panicstr = buf;
                cngrab();
                printf("panic: %s\n", buf);
        } else {
                printf("panic: ");
                vprintf(fmt, ap);
                printf("\n");
        }
#ifdef SMP
        printf("cpuid = %d\n", PCPU_GET(cpuid));
#endif

#ifdef KDB
        if (newpanic && trace_on_panic)
                kdb_backtrace();
        if (debugger_on_panic)
                kdb_enter(KDB_WHY_PANIC, "panic");
#endif
        /*thread_lock(td); */
        td->td_flags |= TDF_INPANIC;
        /* thread_unlock(td); */
        if (!sync_on_panic)
                bootopt |= RB_NOSYNC;
        kern_reboot(bootopt);
}

/*
 * Support for poweroff delay.
 *
 * Please note that setting this delay too short might power off your machine
 * before the write cache on your hard disk has been flushed, leading to
 * soft-updates inconsistencies.
 */
#ifndef POWEROFF_DELAY
# define POWEROFF_DELAY 5000
#endif
static int poweroff_delay = POWEROFF_DELAY;

SYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW,
    &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)");

static void
poweroff_wait(void *junk, int howto)
{

        if (!(howto & RB_POWEROFF) || poweroff_delay <= 0)
                return;
        DELAY(poweroff_delay * 1000);
}

/*
 * Some system processes (e.g. syncer) need to be stopped at appropriate
 * points in their main loops prior to a system shutdown, so that they
 * won't interfere with the shutdown process (e.g. by holding a disk buf
 * to cause sync to fail).  For each of these system processes, register
 * shutdown_kproc() as a handler for one of shutdown events.
 */
static int kproc_shutdown_wait = 60;
SYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW,
    &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process");

void
kproc_shutdown(void *arg, int howto)
{
        struct proc *p;
        int error;

        if (panicstr)
                return;

        p = (struct proc *)arg;
        printf("Waiting (max %d seconds) for system process `%s' to stop...",
            kproc_shutdown_wait, p->p_comm);
        error = kproc_suspend(p, kproc_shutdown_wait * hz);

        if (error == EWOULDBLOCK)
                printf("timed out\n");
        else
                printf("done\n");
}

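/*
 * As above, but for kernel threads rather than kernel processes.
 */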
void
kthread_shutdown(void *arg, int howto)
{
        struct thread *td;
        int error;

        if (panicstr)
                return;

        td = (struct thread *)arg;
        printf("Waiting (max %d seconds) for system thread `%s' to stop...",
            kproc_shutdown_wait, td->td_name);
        error = kthread_suspend(td, kproc_shutdown_wait * hz);

        if (error == EWOULDBLOCK)
                printf("timed out\n");
        else
                printf("done\n");
}

static char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)];
SYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD,
    dumpdevname, 0, "Device for kernel dumps");

/* Registration of dumpers */
int
set_dumper(struct dumperinfo *di, const char *devname)
{
        size_t wantcopy;

        if (di == NULL) {
                bzero(&dumper, sizeof dumper);
                dumpdevname[0] = '\0';
                return (0);
        }
        if (dumper.dumper != NULL)
                return (EBUSY);
        dumper = *di;
        wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname));
        if (wantcopy >= sizeof(dumpdevname)) {
                printf("set_dumper: device name truncated from '%s' -> '%s'\n",
                    devname, dumpdevname);
        }
        return (0);
}

/* Call dumper with bounds checking. */
int
dump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical,
    off_t offset, size_t length)
{

        if (length != 0 && (offset < di->mediaoffset ||
            offset - di->mediaoffset + length > di->mediasize)) {
                printf("Attempt to write outside dump device boundaries.\n"
                    "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n",
                    (intmax_t)offset, (intmax_t)di->mediaoffset,
                    (uintmax_t)length, (intmax_t)di->mediasize);
                return (ENOSPC);
        }
        return (di->dumper(di->priv, virtual, physical, offset, length));
}

void
mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
    uint64_t dumplen, uint32_t blksz)
{

        bzero(kdh, sizeof(*kdh));
        strncpy(kdh->magic, magic, sizeof(kdh->magic));
        strncpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
        kdh->version = htod32(KERNELDUMPVERSION);
        kdh->architectureversion = htod32(archver);
        kdh->dumplength = htod64(dumplen);
        kdh->dumptime = htod64(time_second);
        kdh->blocksize = htod32(blksz);
        strncpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
        strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
        if (panicstr != NULL)
                strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
        kdh->parity = kerneldump_parity(kdh);
}