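/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */


#include <sys/reboot.h>
#include <sys/systm.h>
#include <sys/archsystm.h>
#include <sys/machsystm.h>
#include <sys/promif.h>
#include <sys/promimpl.h>
#include <sys/prom_plat.h>
#include <sys/cpu_sgnblk_defs.h>
#include <sys/ivintr.h>
#include <sys/kdi.h>
#include <sys/kdi_machimpl.h>
#include <sys/callb.h>
#include <sys/wdt.h>
#include <c2/audit.h>

#ifdef TRAPTRACE
#include <sys/traptrace.h>
#endif /* TRAPTRACE */

/*
 * Audit hooks bracketing entry to the debugger/PROM.  Every call in this
 * file passes a single int: 1 where the handler is about to be (or has
 * been) invoked, 0 where the abort request is not being acted on.
 * NOTE(review): the declarations carry no prototype; confirm the
 * parameter type against the audit module before tightening them.
 */
extern void audit_enterprom();
extern void audit_exitprom();

/*
 * Platforms that use CPU signatures need to set cpu_sgn_func
 * to point to a platform specific function. This needs to
 * be done in set_platform_defaults() within the platmod.
 */
void (*cpu_sgn_func)(ushort_t, uchar_t, uchar_t, int) = NULL;

/*
 * abort_seq_handler required by sysctrl.
 */
void debug_enter(char *);
void (*abort_seq_handler)(char *) = debug_enter;

/*
 * Platform tunable to disable the h/w watchdog timer.
 */
extern void clear_watchdog_on_exit(void);

/*
 * On sun4u platform, abort_sequence_enter() can be called at high PIL
 * and we can't afford to acquire any adaptive mutex or use any
 * condition variables as we are not allowed to sleep while running
 * on interrupt stack. We work around this problem by posting a level
 * 10 soft interrupt and then invoking the "abort_seq_handler" within
 * that soft interrupt context.
 *
 * This has the side effect of not allowing us to drop into debugger
 * when the kernel is stuck at high PIL (PIL > 10). It's better to
 * be able to break into a hung system even if it means crashing the
 * system. If a user presses L1-A more than once within a 15 seconds
 * window, and the previous L1-A soft interrupt is still pending, then
 * we directly invoke the abort_sequence_enter.
 *
 * Since the "msg" argument passed to abort_sequence_enter can refer
 * to a message anywhere in memory, including stack, it's copied into
 * abort_seq_msgbuf buffer for processing by the soft interrupt.
 */

#define	ABORT_SEQ_MSGBUFSZ		256
#define	FORCE_ABORT_SEQ_INTERVAL	((hrtime_t)15 * NANOSEC)

static kmutex_t	abort_seq_lock;
static uint64_t	abort_seq_inum;		/* abort seq softintr # */
static hrtime_t	abort_seq_tstamp;	/* hrtime of last abort seq */
static size_t	abort_seq_msglen;	/* abort seq message length */
static char	abort_seq_msgbuf[ABORT_SEQ_MSGBUFSZ];

/*
 * Soft interrupt handler registered by abort_sequence_init().
 *
 * Services an abort request that abort_sequence_enter() deferred: a
 * non-zero abort_seq_tstamp marks the request as pending.  The saved
 * message is copied to a local buffer while abort_seq_lock is held, the
 * pending mark is cleared, and the lock is dropped before
 * abort_seq_handler is called.  When auditing is on for the global zone
 * context, the handler call is bracketed by audit_enterprom(1) and
 * audit_exitprom(1); if aborts are disabled or nothing is pending,
 * audit_enterprom(0) is issued instead.
 *
 * Always returns 1.
 */
/*ARGSUSED0*/
static uint_t
abort_seq_softintr(caddr_t arg)
{
	char *msg = NULL;
	char msgbuf[ABORT_SEQ_MSGBUFSZ];
	uint32_t auditing = AU_ZONE_AUDITING(GET_KCTX_GZ);

	mutex_enter(&abort_seq_lock);
	if (abort_enable != 0 && abort_seq_tstamp != 0LL) {
		/*
		 * Within this file abort_seq_msglen is written only by
		 * abort_sequence_enter(), under abort_seq_lock, and is at
		 * most ABORT_SEQ_MSGBUFSZ (terminator included), so the
		 * copy stays inside msgbuf and remains NUL-terminated.
		 */
		if (abort_seq_msglen > 0) {
			bcopy(abort_seq_msgbuf, msgbuf, abort_seq_msglen);
			msg = msgbuf;
		}
		abort_seq_tstamp = 0LL;
		mutex_exit(&abort_seq_lock);
		if (auditing) {
			audit_enterprom(1);
		}
		(*abort_seq_handler)(msg);
		if (auditing) {
			audit_exitprom(1);
		}
	} else {
		mutex_exit(&abort_seq_lock);
		if (auditing) {
			audit_enterprom(0);
		}
	}
	return (1);
}

/*
 * Set up the state used by the deferred abort path: initialise
 * abort_seq_lock as a spin mutex at PIL_12, clear any pending request,
 * and register abort_seq_softintr() at LOCK_LEVEL.  The soft interrupt
 * is registered only while abort_seq_inum is still 0, so a repeated
 * call does not add a second handler.
 */
void
abort_sequence_init(void)
{
	mutex_init(&abort_seq_lock, NULL, MUTEX_SPIN, (void *)PIL_12);
	abort_seq_tstamp = 0LL;
	if (abort_seq_inum == 0) {
		abort_seq_inum = add_softintr(LOCK_LEVEL,
		    (softintrfunc)abort_seq_softintr, NULL, SOFTINT_ST);
	}
}

/*
 * Machine dependent abort sequence handling
 *
 * msg may be NULL.  Nothing is invoked unless abort_enable is non-zero;
 * a request arriving while it is zero only produces audit_enterprom(0),
 * and only when auditing is on.
 *
 * An enabled request takes one of two paths:
 *   - deferred: msg is copied (truncated to ABORT_SEQ_MSGBUFSZ - 1 bytes
 *     and NUL-terminated) into abort_seq_msgbuf and the soft interrupt
 *     is posted; abort_seq_softintr() then calls the handler and issues
 *     the audit calls.
 *   - direct: abort_seq_handler is called from here.  On this path the
 *     audit calls are made only when not in interrupt context, so a
 *     direct entry from interrupt context makes no audit call.
 */
void
abort_sequence_enter(char *msg)
{
	int s, on_intr;
	size_t msglen;
	hrtime_t tstamp;
	int auditing = AU_ZONE_AUDITING(GET_KCTX_GZ);

	if (abort_enable == 0) {
		if (auditing) {
			audit_enterprom(0);
		}
		return;
	}

	/* Sample the interrupt level we were called at, then restore it. */
	s = splhi();
	on_intr = CPU_ON_INTR(CPU) || (spltoipl(s) > LOCK_LEVEL);
	splx(s);

	tstamp = gethrtime();
	mutex_enter(&abort_seq_lock);

	/*
	 * If we are on an interrupt stack and/or running at
	 * PIL > LOCK_LEVEL, then we post a softint and invoke
	 * abort_seq_handler from there as we can't afford to
	 * acquire any adaptive mutex here. However, if we
	 * already have a pending softint, which was posted
	 * within FORCE_ABORT_SEQ_INTERVAL duration, then we
	 * bypass softint approach as our softint may be blocked
	 * and the user really wants to drop into the debugger.
	 */
	if (on_intr && abort_seq_inum != 0 &&
	    (abort_seq_tstamp == 0LL || tstamp >
	    (abort_seq_tstamp + FORCE_ABORT_SEQ_INTERVAL))) {
		abort_seq_tstamp = tstamp;
		if (msg != NULL) {
			/*
			 * Bound the copy to the static buffer and always
			 * terminate it; the stored length counts the
			 * terminator.
			 */
			msglen = strlen(msg);
			if (msglen >= ABORT_SEQ_MSGBUFSZ) {
				msglen = ABORT_SEQ_MSGBUFSZ - 1;
			}
			bcopy(msg, abort_seq_msgbuf, msglen);
			abort_seq_msgbuf[msglen] = '\0';
			abort_seq_msglen = msglen + 1;
		} else {
			abort_seq_msglen = 0;
		}
		mutex_exit(&abort_seq_lock);
		setsoftint(abort_seq_inum);
	} else {
		/*
		 * Ignore any pending abort sequence softint
		 * as we are invoking the abort_seq_handler
		 * here.
		 */
		abort_seq_tstamp = 0LL;
		mutex_exit(&abort_seq_lock);
		if (!on_intr && auditing) {
			audit_enterprom(1);
		}
		(*abort_seq_handler)(msg);
		if (!on_intr && auditing) {
			audit_exitprom(1);
		}
	}
}

/*
 * Enter debugger. Called when the user types L1-A or break or whenever
 * code wants to enter the debugger and possibly resume later.
 * If the debugger isn't present, enter the PROM monitor.
 *
 * If console is a framebuffer which is powered off, it will be powered up
 * before jumping to the debugger. If we are called above lock level, a
 * softint is triggered to reenter this code and allow the fb to be powered
 * up as in the less than lock level case. If this code is entered at greater
 * than lock level and the fb is not already powered up, the msg argument
 * will not be displayed.
 */
void
debug_enter(char *msg)
{
	label_t old_pcb;
	int s;
	extern void pm_cfb_powerup(void);
	extern void pm_cfb_rele(void);
	extern void pm_cfb_trigger(void);
	extern int pm_cfb_check_and_hold(void);

	/*
	 * For platforms that use CPU signatures, update the signature
	 * to indicate that we are entering the debugger if we are in
	 * the middle of a panic flow.
	 */
	if (panicstr) {
		CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_DEBUG, -1);
	}

	if (!panicstr) {
		(void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 0);
	}

	/*
	 * The inner test is braced explicitly: the original relied on the
	 * else binding to the nearest if.
	 * NOTE(review): the early return below skips pm_cfb_rele() and the
	 * matching callb_execute_class(CB_CL_ENTER_DEBUGGER, 1) call;
	 * presumably the re-entry requested through pm_cfb_trigger()
	 * accounts for both -- confirm.
	 */
	if (pm_cfb_check_and_hold()) {
		if (getpil() > LOCK_LEVEL) {
			pm_cfb_trigger();
			return;
		}
		pm_cfb_powerup();
	}

	/* msg is passed as data to a literal format, never as the format. */
	if (msg) {
		prom_printf("%s\n", msg);
	}

	clear_watchdog_on_exit();

	if ((s = getpil()) < ipltospl(12)) {
		s = splzs();
	}

	/* Save the thread's pcb so it can be put back after the debugger. */
	old_pcb = curthread->t_pcb;
	(void) setjmp(&curthread->t_pcb);

	if (boothowto & RB_DEBUG) {
		kmdb_enter();
	} else {
		prom_enter_mon();
	}

	restore_watchdog_on_entry();

	curthread->t_pcb = old_pcb;
	splx(s);
	pm_cfb_rele();

	if (!panicstr) {
		(void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 1);
	}

	if (panicstr) {
		CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_PANIC_CONT, -1);
	}
}

/*
 * Halt the machine and return to the monitor
 *
 * s is an optional message (may be NULL) printed in parentheses before
 * control is handed to the PROM.
 */
void
halt(char *s)
{
	flush_windows();
	stop_other_cpus();		/* send stop signal to other CPUs */

	if (s) {
		prom_printf("(%s) ", s);
	}

	/*
	 * For Platforms that use CPU signatures, we
	 * need to set the signature block to OS and
	 * the state to exiting for all the processors.
	 */
	CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_HALT, -1);
	prom_exit_to_mon();
	/*NOTREACHED*/
}

/*
 * Halt the machine and power off the system.
 *
 * s is an optional message (may be NULL) printed in parentheses before
 * the power-off request is made.
 */
void
power_down(const char *s)
{
	flush_windows();
	stop_other_cpus();		/* send stop signal to other CPUs */

	if (s != NULL) {
		prom_printf("(%s) ", s);
	}

	/*
	 * For platforms that use CPU signatures, we need to set up the
	 * signature blocks to indicate that we have an environmental
	 * interrupt request to power down, and then exit to the prom monitor.
	 */
	CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_ENVIRON, -1);
	prom_power_off();
	/*
	 * If here is reached, for some reason prom's power-off command failed.
	 * Prom should have already printed out error messages. Exit to
	 * firmware.
	 */
	prom_exit_to_mon();
	/*NOTREACHED*/
}

/*
 * Start a system shutdown.  If the init process cannot be found the
 * machine is powered off (or halted) directly; otherwise init is sent
 * SIGPWR.
 */
void
do_shutdown(void)
{
	proc_t *initpp;

	/*
	 * If we're still booting and init(1) isn't set up yet, simply halt.
	 */
	mutex_enter(&pidlock);
	initpp = prfind(P_INITPID);
	mutex_exit(&pidlock);
	if (initpp == NULL) {
		/* halt() is defined above; no local declaration is needed. */
		prom_power_off();
		halt("Power off the System");	/* just in case */
	}

	/*
	 * else, graceful shutdown with inittab and all getting involved
	 *
	 * NOTE(review): initpp is used after pidlock has been dropped;
	 * presumably safe because the init process does not go away --
	 * confirm.
	 */
	psignal(initpp, SIGPWR);
}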