1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26
27 #include <sys/reboot.h>
28 #include <sys/systm.h>
29 #include <sys/archsystm.h>
30 #include <sys/machsystm.h>
31 #include <sys/promif.h>
32 #include <sys/promimpl.h>
33 #include <sys/prom_plat.h>
34 #include <sys/cpu_sgnblk_defs.h>
35 #include <sys/ivintr.h>
36 #include <sys/kdi.h>
37 #include <sys/kdi_machimpl.h>
38 #include <sys/callb.h>
39 #include <sys/wdt.h>
40 #include <c2/audit.h>
41
42 #ifdef TRAPTRACE
43 #include <sys/traptrace.h>
44 #endif /* TRAPTRACE */
45
46 extern void audit_enterprom();
47 extern void audit_exitprom();
48
49 /*
50 * Platforms that use CPU signatures need to set cpu_sgn_func
51 * to point to a platform specific function. This needs to
52 * be done in set_platform_defaults() within the platmod.
53 */
54 void (*cpu_sgn_func)(ushort_t, uchar_t, uchar_t, int) = NULL;
55
56 /*
57 * abort_seq_handler required by sysctrl.
58 */
59 void debug_enter(char *);
60 void (*abort_seq_handler)(char *) = debug_enter;
61
62 /*
63 * Platform tunable to disable the h/w watchdog timer.
64 */
65 extern void clear_watchdog_on_exit(void);
66
67 /*
68 * On sun4u platform, abort_sequence_enter() can be called at high PIL
69 * and we can't afford to acquire any adaptive mutex or use any
70 * condition variables as we are not allowed to sleep while running
71 * on interrupt stack. We work around this problem by posting a level
72 * 10 soft interrupt and then invoking the "abort_seq_handler" within
73 * that soft interrupt context.
74 *
75 * This has the side effect of not allowing us to drop into debugger
76 * when the kernel is stuck at high PIL (PIL > 10). It's better to
77 * be able to break into a hung system even if it means crashing the
78 * system. If a user presses L1-A more than once within a 15 seconds
79 * window, and the previous L1-A soft interrupt is still pending, then
80 * we directly invoke the abort_sequence_enter.
81 *
82 * Since the "msg" argument passed to abort_sequence_enter can refer
83 * to a message anywhere in memory, including stack, it's copied into
84 * abort_seq_msgbuf buffer for processing by the soft interrupt.
85 */
86
87 #define ABORT_SEQ_MSGBUFSZ 256
88 #define FORCE_ABORT_SEQ_INTERVAL ((hrtime_t)15 * NANOSEC)
89
90 static kmutex_t abort_seq_lock;
91 static uint64_t abort_seq_inum; /* abort seq softintr # */
92 static hrtime_t abort_seq_tstamp; /* hrtime of last abort seq */
93 static size_t abort_seq_msglen; /* abort seq message length */
94 static char abort_seq_msgbuf[ABORT_SEQ_MSGBUFSZ];
95
96 /*ARGSUSED0*/
97 static uint_t
abort_seq_softintr(caddr_t arg)98 abort_seq_softintr(caddr_t arg)
99 {
100 char *msg;
101 char msgbuf[ABORT_SEQ_MSGBUFSZ];
102 uint32_t auditing = AU_ZONE_AUDITING(GET_KCTX_GZ);
103
104 mutex_enter(&abort_seq_lock);
105 if (abort_enable != 0 && abort_seq_tstamp != 0LL) {
106 if (abort_seq_msglen > 0) {
107 bcopy(abort_seq_msgbuf, msgbuf, abort_seq_msglen);
108 msg = msgbuf;
109 } else
110 msg = NULL;
111 abort_seq_tstamp = 0LL;
112 mutex_exit(&abort_seq_lock);
113 if (auditing)
114 audit_enterprom(1);
115 (*abort_seq_handler)(msg);
116 if (auditing)
117 audit_exitprom(1);
118 } else {
119 mutex_exit(&abort_seq_lock);
120 if (auditing)
121 audit_enterprom(0);
122 }
123 return (1);
124 }
125
126 void
abort_sequence_init(void)127 abort_sequence_init(void)
128 {
129 mutex_init(&abort_seq_lock, NULL, MUTEX_SPIN, (void *)PIL_12);
130 abort_seq_tstamp = 0LL;
131 if (abort_seq_inum == 0)
132 abort_seq_inum = add_softintr(LOCK_LEVEL,
133 (softintrfunc)abort_seq_softintr, NULL, SOFTINT_ST);
134 }
135
136 /*
137 * Machine dependent abort sequence handling
138 */
139 void
abort_sequence_enter(char * msg)140 abort_sequence_enter(char *msg)
141 {
142 int s, on_intr;
143 size_t msglen;
144 hrtime_t tstamp;
145 int auditing = AU_ZONE_AUDITING(GET_KCTX_GZ);
146
147 if (abort_enable != 0) {
148 s = splhi();
149 on_intr = CPU_ON_INTR(CPU) || (spltoipl(s) > LOCK_LEVEL);
150 splx(s);
151
152 tstamp = gethrtime();
153 mutex_enter(&abort_seq_lock);
154
155 /*
156 * If we are on an interrupt stack and/or running at
157 * PIL > LOCK_LEVEL, then we post a softint and invoke
158 * abort_seq_handler from there as we can't afford to
159 * acquire any adaptive mutex here. However, if we
160 * already have a pending softint, which was posted
161 * within FORCE_ABORT_SEQ_INTERVAL duration, then we
162 * bypass softint approach as our softint may be blocked
163 * and the user really wants to drop into the debugger.
164 */
165 if (on_intr && abort_seq_inum != 0 &&
166 (abort_seq_tstamp == 0LL || tstamp >
167 (abort_seq_tstamp + FORCE_ABORT_SEQ_INTERVAL))) {
168 abort_seq_tstamp = tstamp;
169 if (msg != NULL) {
170 msglen = strlen(msg);
171 if (msglen >= ABORT_SEQ_MSGBUFSZ)
172 msglen = ABORT_SEQ_MSGBUFSZ - 1;
173 bcopy(msg, abort_seq_msgbuf, msglen);
174 abort_seq_msgbuf[msglen] = '\0';
175 abort_seq_msglen = msglen + 1;
176 } else
177 abort_seq_msglen = 0;
178 mutex_exit(&abort_seq_lock);
179 setsoftint(abort_seq_inum);
180 } else {
181 /*
182 * Ignore any pending abort sequence softint
183 * as we are invoking the abort_seq_handler
184 * here.
185 */
186 abort_seq_tstamp = 0LL;
187 mutex_exit(&abort_seq_lock);
188 if (!on_intr && auditing)
189 audit_enterprom(1);
190 (*abort_seq_handler)(msg);
191 if (!on_intr && auditing)
192 audit_exitprom(1);
193 }
194 } else {
195 if (auditing)
196 audit_enterprom(0);
197 }
198 }
199
200 /*
201 * Enter debugger. Called when the user types L1-A or break or whenever
202 * code wants to enter the debugger and possibly resume later.
203 * If the debugger isn't present, enter the PROM monitor.
204 *
205 * If console is a framebuffer which is powered off, it will be powered up
206 * before jumping to the debugger. If we are called above lock level, a
207 * softint is triggered to reenter this code and allow the fb to be powered
208 * up as in the less than lock level case. If this code is entered at greater
209 * than lock level and the fb is not already powered up, the msg argument
210 * will not be displayed.
211 */
212 void
debug_enter(char * msg)213 debug_enter(char *msg)
214 {
215 label_t old_pcb;
216 int s;
217 extern void pm_cfb_powerup(void);
218 extern void pm_cfb_rele(void);
219 extern void pm_cfb_trigger(void);
220 extern int pm_cfb_check_and_hold(void);
221
222 /*
223 * For platforms that use CPU signatures, update the signature
224 * to indicate that we are entering the debugger if we are in
225 * the middle of a panic flow.
226 */
227 if (panicstr)
228 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_DEBUG, -1);
229
230 if (!panicstr)
231 (void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 0);
232
233 if (pm_cfb_check_and_hold())
234 if (getpil() > LOCK_LEVEL) {
235 pm_cfb_trigger();
236 return;
237 } else
238 pm_cfb_powerup();
239 if (msg)
240 prom_printf("%s\n", msg);
241
242 clear_watchdog_on_exit();
243
244 if ((s = getpil()) < ipltospl(12))
245 s = splzs();
246
247 old_pcb = curthread->t_pcb;
248 (void) setjmp(&curthread->t_pcb);
249
250 if (boothowto & RB_DEBUG)
251 kmdb_enter();
252 else
253 prom_enter_mon();
254
255 restore_watchdog_on_entry();
256
257 curthread->t_pcb = old_pcb;
258 splx(s);
259 pm_cfb_rele();
260
261 if (!panicstr)
262 (void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 1);
263
264 if (panicstr)
265 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_PANIC_CONT, -1);
266 }
267
268 /*
269 * Halt the machine and return to the monitor
270 */
271 void
halt(char * s)272 halt(char *s)
273 {
274 flush_windows();
275 stop_other_cpus(); /* send stop signal to other CPUs */
276
277 if (s)
278 prom_printf("(%s) ", s);
279
280 /*
281 * For Platforms that use CPU signatures, we
282 * need to set the signature block to OS and
283 * the state to exiting for all the processors.
284 */
285 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_HALT, -1);
286 prom_exit_to_mon();
287 /*NOTREACHED*/
288 }
289
290 /*
291 * Halt the machine and power off the system.
292 */
293 void
power_down(const char * s)294 power_down(const char *s)
295 {
296 flush_windows();
297 stop_other_cpus(); /* send stop signal to other CPUs */
298
299 if (s != NULL)
300 prom_printf("(%s) ", s);
301
302 /*
303 * For platforms that use CPU signatures, we need to set up the
304 * signature blocks to indicate that we have an environmental
305 * interrupt request to power down, and then exit to the prom monitor.
306 */
307 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_ENVIRON, -1);
308 prom_power_off();
309 /*
310 * If here is reached, for some reason prom's power-off command failed.
311 * Prom should have already printed out error messages. Exit to
312 * firmware.
313 */
314 prom_exit_to_mon();
315 /*NOTREACHED*/
316 }
317
318 void
do_shutdown(void)319 do_shutdown(void)
320 {
321 proc_t *initpp;
322
323 /*
324 * If we're still booting and init(1) isn't set up yet, simply halt.
325 */
326 mutex_enter(&pidlock);
327 initpp = prfind(P_INITPID);
328 mutex_exit(&pidlock);
329 if (initpp == NULL) {
330 extern void halt(char *);
331 prom_power_off();
332 halt("Power off the System"); /* just in case */
333 }
334
335 /*
336 * else, graceful shutdown with inittab and all getting involved
337 */
338 psignal(initpp, SIGPWR);
339 }
340