1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/kernel/reboot.c 4 * 5 * Copyright (C) 2013 Linus Torvalds 6 */ 7 8 #define pr_fmt(fmt) "reboot: " fmt 9 10 #include <linux/atomic.h> 11 #include <linux/ctype.h> 12 #include <linux/export.h> 13 #include <linux/kexec.h> 14 #include <linux/kmod.h> 15 #include <linux/kmsg_dump.h> 16 #include <linux/reboot.h> 17 #include <linux/suspend.h> 18 #include <linux/syscalls.h> 19 #include <linux/syscore_ops.h> 20 #include <linux/uaccess.h> 21 22 /* 23 * this indicates whether you can reboot with ctrl-alt-del: the default is yes 24 */ 25 26 static int C_A_D = 1; 27 struct pid *cad_pid; 28 EXPORT_SYMBOL(cad_pid); 29 30 #if defined(CONFIG_ARM) 31 #define DEFAULT_REBOOT_MODE = REBOOT_HARD 32 #else 33 #define DEFAULT_REBOOT_MODE 34 #endif 35 enum reboot_mode reboot_mode DEFAULT_REBOOT_MODE; 36 EXPORT_SYMBOL_GPL(reboot_mode); 37 enum reboot_mode panic_reboot_mode = REBOOT_UNDEFINED; 38 39 static enum hw_protection_action hw_protection_action = HWPROT_ACT_SHUTDOWN; 40 41 /* 42 * This variable is used privately to keep track of whether or not 43 * reboot_type is still set to its default value (i.e., reboot= hasn't 44 * been set on the command line). This is needed so that we can 45 * suppress DMI scanning for reboot quirks. Without it, it's 46 * impossible to override a faulty reboot quirk without recompiling. 47 */ 48 int reboot_default = 1; 49 int reboot_cpu; 50 enum reboot_type reboot_type = BOOT_ACPI; 51 int reboot_force; 52 53 struct sys_off_handler { 54 struct notifier_block nb; 55 int (*sys_off_cb)(struct sys_off_data *data); 56 void *cb_data; 57 enum sys_off_mode mode; 58 bool blocking; 59 void *list; 60 struct device *dev; 61 }; 62 63 /* 64 * This variable is used to indicate if a halt was initiated instead of a 65 * reboot when the reboot call was invoked with LINUX_REBOOT_CMD_POWER_OFF, but 66 * the system cannot be powered off. This allowes kernel_halt() to notify users 67 * of that. 68 */ 69 static bool poweroff_fallback_to_halt; 70 71 /* 72 * Temporary stub that prevents linkage failure while we're in process 73 * of removing all uses of legacy pm_power_off() around the kernel. 74 */ 75 void __weak (*pm_power_off)(void); 76 77 /* 78 * Notifier list for kernel code which wants to be called 79 * at shutdown. This is used to stop any idling DMA operations 80 * and the like. 81 */ 82 static BLOCKING_NOTIFIER_HEAD(reboot_notifier_list); 83 84 /** 85 * emergency_restart - reboot the system 86 * 87 * Without shutting down any hardware or taking any locks 88 * reboot the system. This is called when we know we are in 89 * trouble so this is our best effort to reboot. This is 90 * safe to call in interrupt context. 91 */ 92 void emergency_restart(void) 93 { 94 kmsg_dump(KMSG_DUMP_EMERG); 95 system_state = SYSTEM_RESTART; 96 machine_emergency_restart(); 97 } 98 EXPORT_SYMBOL_GPL(emergency_restart); 99 100 void kernel_restart_prepare(char *cmd) 101 { 102 blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd); 103 system_state = SYSTEM_RESTART; 104 usermodehelper_disable(); 105 device_shutdown(); 106 } 107 108 /** 109 * register_reboot_notifier - Register function to be called at reboot time 110 * @nb: Info about notifier function to be called 111 * 112 * Registers a function with the list of functions 113 * to be called at reboot time. 114 * 115 * Currently always returns zero, as blocking_notifier_chain_register() 116 * always returns zero. 117 */ 118 int register_reboot_notifier(struct notifier_block *nb) 119 { 120 return blocking_notifier_chain_register(&reboot_notifier_list, nb); 121 } 122 EXPORT_SYMBOL(register_reboot_notifier); 123 124 /** 125 * unregister_reboot_notifier - Unregister previously registered reboot notifier 126 * @nb: Hook to be unregistered 127 * 128 * Unregisters a previously registered reboot 129 * notifier function. 130 * 131 * Returns zero on success, or %-ENOENT on failure. 132 */ 133 int unregister_reboot_notifier(struct notifier_block *nb) 134 { 135 return blocking_notifier_chain_unregister(&reboot_notifier_list, nb); 136 } 137 EXPORT_SYMBOL(unregister_reboot_notifier); 138 139 static void devm_unregister_reboot_notifier(struct device *dev, void *res) 140 { 141 WARN_ON(unregister_reboot_notifier(*(struct notifier_block **)res)); 142 } 143 144 int devm_register_reboot_notifier(struct device *dev, struct notifier_block *nb) 145 { 146 struct notifier_block **rcnb; 147 int ret; 148 149 rcnb = devres_alloc(devm_unregister_reboot_notifier, 150 sizeof(*rcnb), GFP_KERNEL); 151 if (!rcnb) 152 return -ENOMEM; 153 154 ret = register_reboot_notifier(nb); 155 if (!ret) { 156 *rcnb = nb; 157 devres_add(dev, rcnb); 158 } else { 159 devres_free(rcnb); 160 } 161 162 return ret; 163 } 164 EXPORT_SYMBOL(devm_register_reboot_notifier); 165 166 /* 167 * Notifier list for kernel code which wants to be called 168 * to restart the system. 169 */ 170 static ATOMIC_NOTIFIER_HEAD(restart_handler_list); 171 172 /** 173 * register_restart_handler - Register function to be called to reset 174 * the system 175 * @nb: Info about handler function to be called 176 * @nb->priority: Handler priority. Handlers should follow the 177 * following guidelines for setting priorities. 178 * 0: Restart handler of last resort, 179 * with limited restart capabilities 180 * 128: Default restart handler; use if no other 181 * restart handler is expected to be available, 182 * and/or if restart functionality is 183 * sufficient to restart the entire system 184 * 255: Highest priority restart handler, will 185 * preempt all other restart handlers 186 * 187 * Registers a function with code to be called to restart the 188 * system. 189 * 190 * Registered functions will be called from machine_restart as last 191 * step of the restart sequence (if the architecture specific 192 * machine_restart function calls do_kernel_restart - see below 193 * for details). 194 * Registered functions are expected to restart the system immediately. 195 * If more than one function is registered, the restart handler priority 196 * selects which function will be called first. 197 * 198 * Restart handlers are expected to be registered from non-architecture 199 * code, typically from drivers. A typical use case would be a system 200 * where restart functionality is provided through a watchdog. Multiple 201 * restart handlers may exist; for example, one restart handler might 202 * restart the entire system, while another only restarts the CPU. 203 * In such cases, the restart handler which only restarts part of the 204 * hardware is expected to register with low priority to ensure that 205 * it only runs if no other means to restart the system is available. 206 * 207 * Currently always returns zero, as atomic_notifier_chain_register() 208 * always returns zero. 209 */ 210 int register_restart_handler(struct notifier_block *nb) 211 { 212 return atomic_notifier_chain_register(&restart_handler_list, nb); 213 } 214 EXPORT_SYMBOL(register_restart_handler); 215 216 /** 217 * unregister_restart_handler - Unregister previously registered 218 * restart handler 219 * @nb: Hook to be unregistered 220 * 221 * Unregisters a previously registered restart handler function. 222 * 223 * Returns zero on success, or %-ENOENT on failure. 224 */ 225 int unregister_restart_handler(struct notifier_block *nb) 226 { 227 return atomic_notifier_chain_unregister(&restart_handler_list, nb); 228 } 229 EXPORT_SYMBOL(unregister_restart_handler); 230 231 /** 232 * do_kernel_restart - Execute kernel restart handler call chain 233 * 234 * @cmd: pointer to buffer containing command to execute for restart 235 * or %NULL 236 * 237 * Calls functions registered with register_restart_handler. 238 * 239 * Expected to be called from machine_restart as last step of the restart 240 * sequence. 241 * 242 * Restarts the system immediately if a restart handler function has been 243 * registered. Otherwise does nothing. 244 */ 245 void do_kernel_restart(char *cmd) 246 { 247 atomic_notifier_call_chain(&restart_handler_list, reboot_mode, cmd); 248 } 249 250 void migrate_to_reboot_cpu(void) 251 { 252 /* The boot cpu is always logical cpu 0 */ 253 int cpu = reboot_cpu; 254 255 cpu_hotplug_disable(); 256 257 /* Make certain the cpu I'm about to reboot on is online */ 258 if (!cpu_online(cpu)) 259 cpu = cpumask_first(cpu_online_mask); 260 261 /* Prevent races with other tasks migrating this task */ 262 current->flags |= PF_NO_SETAFFINITY; 263 264 /* Make certain I only run on the appropriate processor */ 265 set_cpus_allowed_ptr(current, cpumask_of(cpu)); 266 } 267 268 /* 269 * Notifier list for kernel code which wants to be called 270 * to prepare system for restart. 271 */ 272 static BLOCKING_NOTIFIER_HEAD(restart_prep_handler_list); 273 274 static void do_kernel_restart_prepare(void) 275 { 276 blocking_notifier_call_chain(&restart_prep_handler_list, 0, NULL); 277 } 278 279 /** 280 * kernel_restart - reboot the system 281 * @cmd: pointer to buffer containing command to execute for restart 282 * or %NULL 283 * 284 * Shutdown everything and perform a clean reboot. 285 * This is not safe to call in interrupt context. 286 */ 287 void kernel_restart(char *cmd) 288 { 289 kernel_restart_prepare(cmd); 290 do_kernel_restart_prepare(); 291 migrate_to_reboot_cpu(); 292 syscore_shutdown(); 293 if (!cmd) 294 pr_emerg("Restarting system\n"); 295 else 296 pr_emerg("Restarting system with command '%s'\n", cmd); 297 kmsg_dump(KMSG_DUMP_SHUTDOWN); 298 machine_restart(cmd); 299 } 300 EXPORT_SYMBOL_GPL(kernel_restart); 301 302 static void kernel_shutdown_prepare(enum system_states state) 303 { 304 blocking_notifier_call_chain(&reboot_notifier_list, 305 (state == SYSTEM_HALT) ? SYS_HALT : SYS_POWER_OFF, NULL); 306 system_state = state; 307 usermodehelper_disable(); 308 device_shutdown(); 309 } 310 /** 311 * kernel_halt - halt the system 312 * 313 * Shutdown everything and perform a clean system halt. 314 */ 315 void kernel_halt(void) 316 { 317 kernel_shutdown_prepare(SYSTEM_HALT); 318 migrate_to_reboot_cpu(); 319 syscore_shutdown(); 320 if (poweroff_fallback_to_halt) 321 pr_emerg("Power off not available: System halted instead\n"); 322 else 323 pr_emerg("System halted\n"); 324 kmsg_dump(KMSG_DUMP_SHUTDOWN); 325 machine_halt(); 326 } 327 EXPORT_SYMBOL_GPL(kernel_halt); 328 329 /* 330 * Notifier list for kernel code which wants to be called 331 * to prepare system for power off. 332 */ 333 static BLOCKING_NOTIFIER_HEAD(power_off_prep_handler_list); 334 335 /* 336 * Notifier list for kernel code which wants to be called 337 * to power off system. 338 */ 339 static ATOMIC_NOTIFIER_HEAD(power_off_handler_list); 340 341 static int sys_off_notify(struct notifier_block *nb, 342 unsigned long mode, void *cmd) 343 { 344 struct sys_off_handler *handler; 345 struct sys_off_data data = {}; 346 347 handler = container_of(nb, struct sys_off_handler, nb); 348 data.cb_data = handler->cb_data; 349 data.mode = mode; 350 data.cmd = cmd; 351 data.dev = handler->dev; 352 353 return handler->sys_off_cb(&data); 354 } 355 356 static struct sys_off_handler platform_sys_off_handler; 357 358 static struct sys_off_handler *alloc_sys_off_handler(int priority) 359 { 360 struct sys_off_handler *handler; 361 gfp_t flags; 362 363 /* 364 * Platforms like m68k can't allocate sys_off handler dynamically 365 * at the early boot time because memory allocator isn't available yet. 366 */ 367 if (priority == SYS_OFF_PRIO_PLATFORM) { 368 handler = &platform_sys_off_handler; 369 if (handler->cb_data) 370 return ERR_PTR(-EBUSY); 371 } else { 372 if (system_state > SYSTEM_RUNNING) 373 flags = GFP_ATOMIC; 374 else 375 flags = GFP_KERNEL; 376 377 handler = kzalloc(sizeof(*handler), flags); 378 if (!handler) 379 return ERR_PTR(-ENOMEM); 380 } 381 382 return handler; 383 } 384 385 static void free_sys_off_handler(struct sys_off_handler *handler) 386 { 387 if (handler == &platform_sys_off_handler) 388 memset(handler, 0, sizeof(*handler)); 389 else 390 kfree(handler); 391 } 392 393 /** 394 * register_sys_off_handler - Register sys-off handler 395 * @mode: Sys-off mode 396 * @priority: Handler priority 397 * @callback: Callback function 398 * @cb_data: Callback argument 399 * 400 * Registers system power-off or restart handler that will be invoked 401 * at the step corresponding to the given sys-off mode. Handler's callback 402 * should return NOTIFY_DONE to permit execution of the next handler in 403 * the call chain or NOTIFY_STOP to break the chain (in error case for 404 * example). 405 * 406 * Multiple handlers can be registered at the default priority level. 407 * 408 * Only one handler can be registered at the non-default priority level, 409 * otherwise ERR_PTR(-EBUSY) is returned. 410 * 411 * Returns a new instance of struct sys_off_handler on success, or 412 * an ERR_PTR()-encoded error code otherwise. 413 */ 414 struct sys_off_handler * 415 register_sys_off_handler(enum sys_off_mode mode, 416 int priority, 417 int (*callback)(struct sys_off_data *data), 418 void *cb_data) 419 { 420 struct sys_off_handler *handler; 421 int err; 422 423 handler = alloc_sys_off_handler(priority); 424 if (IS_ERR(handler)) 425 return handler; 426 427 switch (mode) { 428 case SYS_OFF_MODE_POWER_OFF_PREPARE: 429 handler->list = &power_off_prep_handler_list; 430 handler->blocking = true; 431 break; 432 433 case SYS_OFF_MODE_POWER_OFF: 434 handler->list = &power_off_handler_list; 435 break; 436 437 case SYS_OFF_MODE_RESTART_PREPARE: 438 handler->list = &restart_prep_handler_list; 439 handler->blocking = true; 440 break; 441 442 case SYS_OFF_MODE_RESTART: 443 handler->list = &restart_handler_list; 444 break; 445 446 default: 447 free_sys_off_handler(handler); 448 return ERR_PTR(-EINVAL); 449 } 450 451 handler->nb.notifier_call = sys_off_notify; 452 handler->nb.priority = priority; 453 handler->sys_off_cb = callback; 454 handler->cb_data = cb_data; 455 handler->mode = mode; 456 457 if (handler->blocking) { 458 if (priority == SYS_OFF_PRIO_DEFAULT) 459 err = blocking_notifier_chain_register(handler->list, 460 &handler->nb); 461 else 462 err = blocking_notifier_chain_register_unique_prio(handler->list, 463 &handler->nb); 464 } else { 465 if (priority == SYS_OFF_PRIO_DEFAULT) 466 err = atomic_notifier_chain_register(handler->list, 467 &handler->nb); 468 else 469 err = atomic_notifier_chain_register_unique_prio(handler->list, 470 &handler->nb); 471 } 472 473 if (err) { 474 free_sys_off_handler(handler); 475 return ERR_PTR(err); 476 } 477 478 return handler; 479 } 480 EXPORT_SYMBOL_GPL(register_sys_off_handler); 481 482 /** 483 * unregister_sys_off_handler - Unregister sys-off handler 484 * @handler: Sys-off handler 485 * 486 * Unregisters given sys-off handler. 487 */ 488 void unregister_sys_off_handler(struct sys_off_handler *handler) 489 { 490 int err; 491 492 if (IS_ERR_OR_NULL(handler)) 493 return; 494 495 if (handler->blocking) 496 err = blocking_notifier_chain_unregister(handler->list, 497 &handler->nb); 498 else 499 err = atomic_notifier_chain_unregister(handler->list, 500 &handler->nb); 501 502 /* sanity check, shall never happen */ 503 WARN_ON(err); 504 505 free_sys_off_handler(handler); 506 } 507 EXPORT_SYMBOL_GPL(unregister_sys_off_handler); 508 509 static void devm_unregister_sys_off_handler(void *data) 510 { 511 struct sys_off_handler *handler = data; 512 513 unregister_sys_off_handler(handler); 514 } 515 516 /** 517 * devm_register_sys_off_handler - Register sys-off handler 518 * @dev: Device that registers handler 519 * @mode: Sys-off mode 520 * @priority: Handler priority 521 * @callback: Callback function 522 * @cb_data: Callback argument 523 * 524 * Registers resource-managed sys-off handler. 525 * 526 * Returns zero on success, or error code on failure. 527 */ 528 int devm_register_sys_off_handler(struct device *dev, 529 enum sys_off_mode mode, 530 int priority, 531 int (*callback)(struct sys_off_data *data), 532 void *cb_data) 533 { 534 struct sys_off_handler *handler; 535 536 handler = register_sys_off_handler(mode, priority, callback, cb_data); 537 if (IS_ERR(handler)) 538 return PTR_ERR(handler); 539 handler->dev = dev; 540 541 return devm_add_action_or_reset(dev, devm_unregister_sys_off_handler, 542 handler); 543 } 544 EXPORT_SYMBOL_GPL(devm_register_sys_off_handler); 545 546 /** 547 * devm_register_power_off_handler - Register power-off handler 548 * @dev: Device that registers callback 549 * @callback: Callback function 550 * @cb_data: Callback's argument 551 * 552 * Registers resource-managed sys-off handler with a default priority 553 * and using power-off mode. 554 * 555 * Returns zero on success, or error code on failure. 556 */ 557 int devm_register_power_off_handler(struct device *dev, 558 int (*callback)(struct sys_off_data *data), 559 void *cb_data) 560 { 561 return devm_register_sys_off_handler(dev, 562 SYS_OFF_MODE_POWER_OFF, 563 SYS_OFF_PRIO_DEFAULT, 564 callback, cb_data); 565 } 566 EXPORT_SYMBOL_GPL(devm_register_power_off_handler); 567 568 /** 569 * devm_register_restart_handler - Register restart handler 570 * @dev: Device that registers callback 571 * @callback: Callback function 572 * @cb_data: Callback's argument 573 * 574 * Registers resource-managed sys-off handler with a default priority 575 * and using restart mode. 576 * 577 * Returns zero on success, or error code on failure. 578 */ 579 int devm_register_restart_handler(struct device *dev, 580 int (*callback)(struct sys_off_data *data), 581 void *cb_data) 582 { 583 return devm_register_sys_off_handler(dev, 584 SYS_OFF_MODE_RESTART, 585 SYS_OFF_PRIO_DEFAULT, 586 callback, cb_data); 587 } 588 EXPORT_SYMBOL_GPL(devm_register_restart_handler); 589 590 static struct sys_off_handler *platform_power_off_handler; 591 592 static int platform_power_off_notify(struct sys_off_data *data) 593 { 594 void (*platform_power_power_off_cb)(void) = data->cb_data; 595 596 platform_power_power_off_cb(); 597 598 return NOTIFY_DONE; 599 } 600 601 /** 602 * register_platform_power_off - Register platform-level power-off callback 603 * @power_off: Power-off callback 604 * 605 * Registers power-off callback that will be called as last step 606 * of the power-off sequence. This callback is expected to be invoked 607 * for the last resort. Only one platform power-off callback is allowed 608 * to be registered at a time. 609 * 610 * Returns zero on success, or error code on failure. 611 */ 612 int register_platform_power_off(void (*power_off)(void)) 613 { 614 struct sys_off_handler *handler; 615 616 handler = register_sys_off_handler(SYS_OFF_MODE_POWER_OFF, 617 SYS_OFF_PRIO_PLATFORM, 618 platform_power_off_notify, 619 power_off); 620 if (IS_ERR(handler)) 621 return PTR_ERR(handler); 622 623 platform_power_off_handler = handler; 624 625 return 0; 626 } 627 EXPORT_SYMBOL_GPL(register_platform_power_off); 628 629 /** 630 * unregister_platform_power_off - Unregister platform-level power-off callback 631 * @power_off: Power-off callback 632 * 633 * Unregisters previously registered platform power-off callback. 634 */ 635 void unregister_platform_power_off(void (*power_off)(void)) 636 { 637 if (platform_power_off_handler && 638 platform_power_off_handler->cb_data == power_off) { 639 unregister_sys_off_handler(platform_power_off_handler); 640 platform_power_off_handler = NULL; 641 } 642 } 643 EXPORT_SYMBOL_GPL(unregister_platform_power_off); 644 645 static int legacy_pm_power_off(struct sys_off_data *data) 646 { 647 if (pm_power_off) 648 pm_power_off(); 649 650 return NOTIFY_DONE; 651 } 652 653 static void do_kernel_power_off_prepare(void) 654 { 655 blocking_notifier_call_chain(&power_off_prep_handler_list, 0, NULL); 656 } 657 658 /** 659 * do_kernel_power_off - Execute kernel power-off handler call chain 660 * 661 * Expected to be called as last step of the power-off sequence. 662 * 663 * Powers off the system immediately if a power-off handler function has 664 * been registered. Otherwise does nothing. 665 */ 666 void do_kernel_power_off(void) 667 { 668 struct sys_off_handler *sys_off = NULL; 669 670 /* 671 * Register sys-off handlers for legacy PM callback. This allows 672 * legacy PM callbacks temporary co-exist with the new sys-off API. 673 * 674 * TODO: Remove legacy handlers once all legacy PM users will be 675 * switched to the sys-off based APIs. 676 */ 677 if (pm_power_off) 678 sys_off = register_sys_off_handler(SYS_OFF_MODE_POWER_OFF, 679 SYS_OFF_PRIO_DEFAULT, 680 legacy_pm_power_off, NULL); 681 682 atomic_notifier_call_chain(&power_off_handler_list, 0, NULL); 683 684 unregister_sys_off_handler(sys_off); 685 } 686 687 /** 688 * kernel_can_power_off - check whether system can be powered off 689 * 690 * Returns true if power-off handler is registered and system can be 691 * powered off, false otherwise. 692 */ 693 bool kernel_can_power_off(void) 694 { 695 return !atomic_notifier_call_chain_is_empty(&power_off_handler_list) || 696 pm_power_off; 697 } 698 EXPORT_SYMBOL_GPL(kernel_can_power_off); 699 700 /** 701 * kernel_power_off - power_off the system 702 * 703 * Shutdown everything and perform a clean system power_off. 704 */ 705 void kernel_power_off(void) 706 { 707 kernel_shutdown_prepare(SYSTEM_POWER_OFF); 708 do_kernel_power_off_prepare(); 709 migrate_to_reboot_cpu(); 710 syscore_shutdown(); 711 pr_emerg("Power down\n"); 712 kmsg_dump(KMSG_DUMP_SHUTDOWN); 713 machine_power_off(); 714 } 715 EXPORT_SYMBOL_GPL(kernel_power_off); 716 717 DEFINE_MUTEX(system_transition_mutex); 718 719 /* 720 * Reboot system call: for obvious reasons only root may call it, 721 * and even root needs to set up some magic numbers in the registers 722 * so that some mistake won't make this reboot the whole machine. 723 * You can also set the meaning of the ctrl-alt-del-key here. 724 * 725 * reboot doesn't sync: do that yourself before calling this. 726 */ 727 SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd, 728 void __user *, arg) 729 { 730 struct pid_namespace *pid_ns = task_active_pid_ns(current); 731 char buffer[256]; 732 int ret = 0; 733 734 /* We only trust the superuser with rebooting the system. */ 735 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) 736 return -EPERM; 737 738 /* For safety, we require "magic" arguments. */ 739 if (magic1 != LINUX_REBOOT_MAGIC1 || 740 (magic2 != LINUX_REBOOT_MAGIC2 && 741 magic2 != LINUX_REBOOT_MAGIC2A && 742 magic2 != LINUX_REBOOT_MAGIC2B && 743 magic2 != LINUX_REBOOT_MAGIC2C)) 744 return -EINVAL; 745 746 /* 747 * If pid namespaces are enabled and the current task is in a child 748 * pid_namespace, the command is handled by reboot_pid_ns() which will 749 * call do_exit(). 750 */ 751 ret = reboot_pid_ns(pid_ns, cmd); 752 if (ret) 753 return ret; 754 755 /* Instead of trying to make the power_off code look like 756 * halt when pm_power_off is not set do it the easy way. 757 */ 758 if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !kernel_can_power_off()) { 759 poweroff_fallback_to_halt = true; 760 cmd = LINUX_REBOOT_CMD_HALT; 761 } 762 763 mutex_lock(&system_transition_mutex); 764 switch (cmd) { 765 case LINUX_REBOOT_CMD_RESTART: 766 kernel_restart(NULL); 767 break; 768 769 case LINUX_REBOOT_CMD_CAD_ON: 770 C_A_D = 1; 771 break; 772 773 case LINUX_REBOOT_CMD_CAD_OFF: 774 C_A_D = 0; 775 break; 776 777 case LINUX_REBOOT_CMD_HALT: 778 kernel_halt(); 779 do_exit(0); 780 781 case LINUX_REBOOT_CMD_POWER_OFF: 782 kernel_power_off(); 783 do_exit(0); 784 break; 785 786 case LINUX_REBOOT_CMD_RESTART2: 787 ret = strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1); 788 if (ret < 0) { 789 ret = -EFAULT; 790 break; 791 } 792 buffer[sizeof(buffer) - 1] = '\0'; 793 794 kernel_restart(buffer); 795 break; 796 797 #ifdef CONFIG_KEXEC_CORE 798 case LINUX_REBOOT_CMD_KEXEC: 799 ret = kernel_kexec(); 800 break; 801 #endif 802 803 #ifdef CONFIG_HIBERNATION 804 case LINUX_REBOOT_CMD_SW_SUSPEND: 805 ret = hibernate(); 806 break; 807 #endif 808 809 default: 810 ret = -EINVAL; 811 break; 812 } 813 mutex_unlock(&system_transition_mutex); 814 return ret; 815 } 816 817 static void deferred_cad(struct work_struct *dummy) 818 { 819 kernel_restart(NULL); 820 } 821 822 /* 823 * This function gets called by ctrl-alt-del - ie the keyboard interrupt. 824 * As it's called within an interrupt, it may NOT sync: the only choice 825 * is whether to reboot at once, or just ignore the ctrl-alt-del. 826 */ 827 void ctrl_alt_del(void) 828 { 829 static DECLARE_WORK(cad_work, deferred_cad); 830 831 if (C_A_D) 832 schedule_work(&cad_work); 833 else 834 kill_cad_pid(SIGINT, 1); 835 } 836 837 #define POWEROFF_CMD_PATH_LEN 256 838 static char poweroff_cmd[POWEROFF_CMD_PATH_LEN] = "/sbin/poweroff"; 839 static const char reboot_cmd[] = "/sbin/reboot"; 840 841 static int run_cmd(const char *cmd) 842 { 843 char **argv; 844 static char *envp[] = { 845 "HOME=/", 846 "PATH=/sbin:/bin:/usr/sbin:/usr/bin", 847 NULL 848 }; 849 int ret; 850 argv = argv_split(GFP_KERNEL, cmd, NULL); 851 if (argv) { 852 ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); 853 argv_free(argv); 854 } else { 855 ret = -ENOMEM; 856 } 857 858 return ret; 859 } 860 861 static int __orderly_reboot(void) 862 { 863 int ret; 864 865 ret = run_cmd(reboot_cmd); 866 867 if (ret) { 868 pr_warn("Failed to start orderly reboot: forcing the issue\n"); 869 emergency_sync(); 870 kernel_restart(NULL); 871 } 872 873 return ret; 874 } 875 876 static int __orderly_poweroff(bool force) 877 { 878 int ret; 879 880 ret = run_cmd(poweroff_cmd); 881 882 if (ret && force) { 883 pr_warn("Failed to start orderly shutdown: forcing the issue\n"); 884 885 /* 886 * I guess this should try to kick off some daemon to sync and 887 * poweroff asap. Or not even bother syncing if we're doing an 888 * emergency shutdown? 889 */ 890 emergency_sync(); 891 kernel_power_off(); 892 } 893 894 return ret; 895 } 896 897 static bool poweroff_force; 898 899 static void poweroff_work_func(struct work_struct *work) 900 { 901 __orderly_poweroff(poweroff_force); 902 } 903 904 static DECLARE_WORK(poweroff_work, poweroff_work_func); 905 906 /** 907 * orderly_poweroff - Trigger an orderly system poweroff 908 * @force: force poweroff if command execution fails 909 * 910 * This may be called from any context to trigger a system shutdown. 911 * If the orderly shutdown fails, it will force an immediate shutdown. 912 */ 913 void orderly_poweroff(bool force) 914 { 915 if (force) /* do not override the pending "true" */ 916 poweroff_force = true; 917 schedule_work(&poweroff_work); 918 } 919 EXPORT_SYMBOL_GPL(orderly_poweroff); 920 921 static void reboot_work_func(struct work_struct *work) 922 { 923 __orderly_reboot(); 924 } 925 926 static DECLARE_WORK(reboot_work, reboot_work_func); 927 928 /** 929 * orderly_reboot - Trigger an orderly system reboot 930 * 931 * This may be called from any context to trigger a system reboot. 932 * If the orderly reboot fails, it will force an immediate reboot. 933 */ 934 void orderly_reboot(void) 935 { 936 schedule_work(&reboot_work); 937 } 938 EXPORT_SYMBOL_GPL(orderly_reboot); 939 940 static const char *hw_protection_action_str(enum hw_protection_action action) 941 { 942 switch (action) { 943 case HWPROT_ACT_SHUTDOWN: 944 return "shutdown"; 945 case HWPROT_ACT_REBOOT: 946 return "reboot"; 947 default: 948 return "undefined"; 949 } 950 } 951 952 static enum hw_protection_action hw_failure_emergency_action; 953 954 /** 955 * hw_failure_emergency_action_func - emergency action work after a known delay 956 * @work: work_struct associated with the emergency action function 957 * 958 * This function is called in very critical situations to force 959 * a kernel poweroff or reboot after a configurable timeout value. 960 */ 961 static void hw_failure_emergency_action_func(struct work_struct *work) 962 { 963 const char *action_str = hw_protection_action_str(hw_failure_emergency_action); 964 965 pr_emerg("Hardware protection timed-out. Trying forced %s\n", 966 action_str); 967 968 /* 969 * We have reached here after the emergency action waiting period has 970 * expired. This means orderly_poweroff/reboot has not been able to 971 * shut off the system for some reason. 972 * 973 * Try to shut off the system immediately if possible 974 */ 975 976 if (hw_failure_emergency_action == HWPROT_ACT_REBOOT) 977 kernel_restart(NULL); 978 else 979 kernel_power_off(); 980 981 /* 982 * Worst of the worst case trigger emergency restart 983 */ 984 pr_emerg("Hardware protection %s failed. Trying emergency restart\n", 985 action_str); 986 emergency_restart(); 987 } 988 989 static DECLARE_DELAYED_WORK(hw_failure_emergency_action_work, 990 hw_failure_emergency_action_func); 991 992 /** 993 * hw_failure_emergency_schedule - Schedule an emergency system shutdown or reboot 994 * 995 * @action: The hardware protection action to be taken 996 * @action_delay_ms: Time in milliseconds to elapse before triggering action 997 * 998 * This may be called from any critical situation to trigger a system shutdown 999 * or reboot after a given period of time. 1000 * If time is negative this is not scheduled. 1001 */ 1002 static void hw_failure_emergency_schedule(enum hw_protection_action action, 1003 int action_delay_ms) 1004 { 1005 if (action_delay_ms <= 0) 1006 return; 1007 hw_failure_emergency_action = action; 1008 schedule_delayed_work(&hw_failure_emergency_action_work, 1009 msecs_to_jiffies(action_delay_ms)); 1010 } 1011 1012 /** 1013 * __hw_protection_trigger - Trigger an emergency system shutdown or reboot 1014 * 1015 * @reason: Reason of emergency shutdown or reboot to be printed. 1016 * @ms_until_forced: Time to wait for orderly shutdown or reboot before 1017 * triggering it. Negative value disables the forced 1018 * shutdown or reboot. 1019 * @action: The hardware protection action to be taken. 1020 * 1021 * Initiate an emergency system shutdown or reboot in order to protect 1022 * hardware from further damage. Usage examples include a thermal protection. 1023 * NOTE: The request is ignored if protection shutdown or reboot is already 1024 * pending even if the previous request has given a large timeout for forced 1025 * shutdown/reboot. 1026 */ 1027 void __hw_protection_trigger(const char *reason, int ms_until_forced, 1028 enum hw_protection_action action) 1029 { 1030 static atomic_t allow_proceed = ATOMIC_INIT(1); 1031 1032 if (action == HWPROT_ACT_DEFAULT) 1033 action = hw_protection_action; 1034 1035 pr_emerg("HARDWARE PROTECTION %s (%s)\n", 1036 hw_protection_action_str(action), reason); 1037 1038 /* Shutdown should be initiated only once. */ 1039 if (!atomic_dec_and_test(&allow_proceed)) 1040 return; 1041 1042 /* 1043 * Queue a backup emergency shutdown in the event of 1044 * orderly_poweroff failure 1045 */ 1046 hw_failure_emergency_schedule(action, ms_until_forced); 1047 if (action == HWPROT_ACT_REBOOT) 1048 orderly_reboot(); 1049 else 1050 orderly_poweroff(true); 1051 } 1052 EXPORT_SYMBOL_GPL(__hw_protection_trigger); 1053 1054 static bool hw_protection_action_parse(const char *str, 1055 enum hw_protection_action *action) 1056 { 1057 if (sysfs_streq(str, "shutdown")) 1058 *action = HWPROT_ACT_SHUTDOWN; 1059 else if (sysfs_streq(str, "reboot")) 1060 *action = HWPROT_ACT_REBOOT; 1061 else 1062 return false; 1063 1064 return true; 1065 } 1066 1067 static int __init hw_protection_setup(char *str) 1068 { 1069 hw_protection_action_parse(str, &hw_protection_action); 1070 return 1; 1071 } 1072 __setup("hw_protection=", hw_protection_setup); 1073 1074 #ifdef CONFIG_SYSFS 1075 static ssize_t hw_protection_show(struct kobject *kobj, 1076 struct kobj_attribute *attr, char *buf) 1077 { 1078 return sysfs_emit(buf, "%s\n", 1079 hw_protection_action_str(hw_protection_action)); 1080 } 1081 static ssize_t hw_protection_store(struct kobject *kobj, 1082 struct kobj_attribute *attr, const char *buf, 1083 size_t count) 1084 { 1085 if (!capable(CAP_SYS_ADMIN)) 1086 return -EPERM; 1087 1088 if (!hw_protection_action_parse(buf, &hw_protection_action)) 1089 return -EINVAL; 1090 1091 return count; 1092 } 1093 static struct kobj_attribute hw_protection_attr = __ATTR_RW(hw_protection); 1094 #endif 1095 1096 static int __init reboot_setup(char *str) 1097 { 1098 for (;;) { 1099 enum reboot_mode *mode; 1100 1101 /* 1102 * Having anything passed on the command line via 1103 * reboot= will cause us to disable DMI checking 1104 * below. 1105 */ 1106 reboot_default = 0; 1107 1108 if (!strncmp(str, "panic_", 6)) { 1109 mode = &panic_reboot_mode; 1110 str += 6; 1111 } else { 1112 mode = &reboot_mode; 1113 } 1114 1115 switch (*str) { 1116 case 'w': 1117 *mode = REBOOT_WARM; 1118 break; 1119 1120 case 'c': 1121 *mode = REBOOT_COLD; 1122 break; 1123 1124 case 'h': 1125 *mode = REBOOT_HARD; 1126 break; 1127 1128 case 's': 1129 /* 1130 * reboot_cpu is s[mp]#### with #### being the processor 1131 * to be used for rebooting. Skip 's' or 'smp' prefix. 1132 */ 1133 str += str[1] == 'm' && str[2] == 'p' ? 3 : 1; 1134 1135 if (isdigit(str[0])) { 1136 int cpu = simple_strtoul(str, NULL, 0); 1137 1138 if (cpu >= num_possible_cpus()) { 1139 pr_err("Ignoring the CPU number in reboot= option. " 1140 "CPU %d exceeds possible cpu number %d\n", 1141 cpu, num_possible_cpus()); 1142 break; 1143 } 1144 reboot_cpu = cpu; 1145 } else 1146 *mode = REBOOT_SOFT; 1147 break; 1148 1149 case 'g': 1150 *mode = REBOOT_GPIO; 1151 break; 1152 1153 case 'b': 1154 case 'a': 1155 case 'k': 1156 case 't': 1157 case 'e': 1158 case 'p': 1159 reboot_type = *str; 1160 break; 1161 1162 case 'f': 1163 reboot_force = 1; 1164 break; 1165 } 1166 1167 str = strchr(str, ','); 1168 if (str) 1169 str++; 1170 else 1171 break; 1172 } 1173 return 1; 1174 } 1175 __setup("reboot=", reboot_setup); 1176 1177 #ifdef CONFIG_SYSFS 1178 1179 #define REBOOT_COLD_STR "cold" 1180 #define REBOOT_WARM_STR "warm" 1181 #define REBOOT_HARD_STR "hard" 1182 #define REBOOT_SOFT_STR "soft" 1183 #define REBOOT_GPIO_STR "gpio" 1184 #define REBOOT_UNDEFINED_STR "undefined" 1185 1186 #define BOOT_TRIPLE_STR "triple" 1187 #define BOOT_KBD_STR "kbd" 1188 #define BOOT_BIOS_STR "bios" 1189 #define BOOT_ACPI_STR "acpi" 1190 #define BOOT_EFI_STR "efi" 1191 #define BOOT_PCI_STR "pci" 1192 1193 static ssize_t mode_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1194 { 1195 const char *val; 1196 1197 switch (reboot_mode) { 1198 case REBOOT_COLD: 1199 val = REBOOT_COLD_STR; 1200 break; 1201 case REBOOT_WARM: 1202 val = REBOOT_WARM_STR; 1203 break; 1204 case REBOOT_HARD: 1205 val = REBOOT_HARD_STR; 1206 break; 1207 case REBOOT_SOFT: 1208 val = REBOOT_SOFT_STR; 1209 break; 1210 case REBOOT_GPIO: 1211 val = REBOOT_GPIO_STR; 1212 break; 1213 default: 1214 val = REBOOT_UNDEFINED_STR; 1215 } 1216 1217 return sysfs_emit(buf, "%s\n", val); 1218 } 1219 static ssize_t mode_store(struct kobject *kobj, struct kobj_attribute *attr, 1220 const char *buf, size_t count) 1221 { 1222 if (!capable(CAP_SYS_BOOT)) 1223 return -EPERM; 1224 1225 if (!strncmp(buf, REBOOT_COLD_STR, strlen(REBOOT_COLD_STR))) 1226 reboot_mode = REBOOT_COLD; 1227 else if (!strncmp(buf, REBOOT_WARM_STR, strlen(REBOOT_WARM_STR))) 1228 reboot_mode = REBOOT_WARM; 1229 else if (!strncmp(buf, REBOOT_HARD_STR, strlen(REBOOT_HARD_STR))) 1230 reboot_mode = REBOOT_HARD; 1231 else if (!strncmp(buf, REBOOT_SOFT_STR, strlen(REBOOT_SOFT_STR))) 1232 reboot_mode = REBOOT_SOFT; 1233 else if (!strncmp(buf, REBOOT_GPIO_STR, strlen(REBOOT_GPIO_STR))) 1234 reboot_mode = REBOOT_GPIO; 1235 else 1236 return -EINVAL; 1237 1238 reboot_default = 0; 1239 1240 return count; 1241 } 1242 static struct kobj_attribute reboot_mode_attr = __ATTR_RW(mode); 1243 1244 #ifdef CONFIG_X86 1245 static ssize_t force_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1246 { 1247 return sysfs_emit(buf, "%d\n", reboot_force); 1248 } 1249 static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr, 1250 const char *buf, size_t count) 1251 { 1252 bool res; 1253 1254 if (!capable(CAP_SYS_BOOT)) 1255 return -EPERM; 1256 1257 if (kstrtobool(buf, &res)) 1258 return -EINVAL; 1259 1260 reboot_default = 0; 1261 reboot_force = res; 1262 1263 return count; 1264 } 1265 static struct kobj_attribute reboot_force_attr = __ATTR_RW(force); 1266 1267 static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1268 { 1269 const char *val; 1270 1271 switch (reboot_type) { 1272 case BOOT_TRIPLE: 1273 val = BOOT_TRIPLE_STR; 1274 break; 1275 case BOOT_KBD: 1276 val = BOOT_KBD_STR; 1277 break; 1278 case BOOT_BIOS: 1279 val = BOOT_BIOS_STR; 1280 break; 1281 case BOOT_ACPI: 1282 val = BOOT_ACPI_STR; 1283 break; 1284 case BOOT_EFI: 1285 val = BOOT_EFI_STR; 1286 break; 1287 case BOOT_CF9_FORCE: 1288 val = BOOT_PCI_STR; 1289 break; 1290 default: 1291 val = REBOOT_UNDEFINED_STR; 1292 } 1293 1294 return sysfs_emit(buf, "%s\n", val); 1295 } 1296 static ssize_t type_store(struct kobject *kobj, struct kobj_attribute *attr, 1297 const char *buf, size_t count) 1298 { 1299 if (!capable(CAP_SYS_BOOT)) 1300 return -EPERM; 1301 1302 if (!strncmp(buf, BOOT_TRIPLE_STR, strlen(BOOT_TRIPLE_STR))) 1303 reboot_type = BOOT_TRIPLE; 1304 else if (!strncmp(buf, BOOT_KBD_STR, strlen(BOOT_KBD_STR))) 1305 reboot_type = BOOT_KBD; 1306 else if (!strncmp(buf, BOOT_BIOS_STR, strlen(BOOT_BIOS_STR))) 1307 reboot_type = BOOT_BIOS; 1308 else if (!strncmp(buf, BOOT_ACPI_STR, strlen(BOOT_ACPI_STR))) 1309 reboot_type = BOOT_ACPI; 1310 else if (!strncmp(buf, BOOT_EFI_STR, strlen(BOOT_EFI_STR))) 1311 reboot_type = BOOT_EFI; 1312 else if (!strncmp(buf, BOOT_PCI_STR, strlen(BOOT_PCI_STR))) 1313 reboot_type = BOOT_CF9_FORCE; 1314 else 1315 return -EINVAL; 1316 1317 reboot_default = 0; 1318 1319 return count; 1320 } 1321 static struct kobj_attribute reboot_type_attr = __ATTR_RW(type); 1322 #endif 1323 1324 #ifdef CONFIG_SMP 1325 static ssize_t cpu_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1326 { 1327 return sysfs_emit(buf, "%d\n", reboot_cpu); 1328 } 1329 static ssize_t cpu_store(struct kobject *kobj, struct kobj_attribute *attr, 1330 const char *buf, size_t count) 1331 { 1332 unsigned int cpunum; 1333 int rc; 1334 1335 if (!capable(CAP_SYS_BOOT)) 1336 return -EPERM; 1337 1338 rc = kstrtouint(buf, 0, &cpunum); 1339 1340 if (rc) 1341 return rc; 1342 1343 if (cpunum >= num_possible_cpus()) 1344 return -ERANGE; 1345 1346 reboot_default = 0; 1347 reboot_cpu = cpunum; 1348 1349 return count; 1350 } 1351 static struct kobj_attribute reboot_cpu_attr = __ATTR_RW(cpu); 1352 #endif 1353 1354 static struct attribute *reboot_attrs[] = { 1355 &hw_protection_attr.attr, 1356 &reboot_mode_attr.attr, 1357 #ifdef CONFIG_X86 1358 &reboot_force_attr.attr, 1359 &reboot_type_attr.attr, 1360 #endif 1361 #ifdef CONFIG_SMP 1362 &reboot_cpu_attr.attr, 1363 #endif 1364 NULL, 1365 }; 1366 1367 #ifdef CONFIG_SYSCTL 1368 static const struct ctl_table kern_reboot_table[] = { 1369 { 1370 .procname = "poweroff_cmd", 1371 .data = &poweroff_cmd, 1372 .maxlen = POWEROFF_CMD_PATH_LEN, 1373 .mode = 0644, 1374 .proc_handler = proc_dostring, 1375 }, 1376 { 1377 .procname = "ctrl-alt-del", 1378 .data = &C_A_D, 1379 .maxlen = sizeof(int), 1380 .mode = 0644, 1381 .proc_handler = proc_dointvec, 1382 }, 1383 }; 1384 1385 static void __init kernel_reboot_sysctls_init(void) 1386 { 1387 register_sysctl_init("kernel", kern_reboot_table); 1388 } 1389 #else 1390 #define kernel_reboot_sysctls_init() do { } while (0) 1391 #endif /* CONFIG_SYSCTL */ 1392 1393 static const struct attribute_group reboot_attr_group = { 1394 .attrs = reboot_attrs, 1395 }; 1396 1397 static int __init reboot_ksysfs_init(void) 1398 { 1399 struct kobject *reboot_kobj; 1400 int ret; 1401 1402 reboot_kobj = kobject_create_and_add("reboot", kernel_kobj); 1403 if (!reboot_kobj) 1404 return -ENOMEM; 1405 1406 ret = sysfs_create_group(reboot_kobj, &reboot_attr_group); 1407 if (ret) { 1408 kobject_put(reboot_kobj); 1409 return ret; 1410 } 1411 1412 kernel_reboot_sysctls_init(); 1413 1414 return 0; 1415 } 1416 late_initcall(reboot_ksysfs_init); 1417 1418 #endif 1419