sys/kern/kern_shutdown.c

17658Sjulian/*-
17658Sjulian * Copyright (c) 1986, 1988, 1991, 1993
17658Sjulian *	The Regents of the University of California.  All rights reserved.
17658Sjulian * (c) UNIX System Laboratories, Inc.
17658Sjulian * All or some portions of this file are derived from material licensed
17658Sjulian * to the University of California by American Telephone and Telegraph
17658Sjulian * Co. or Unix System Laboratories, Inc. and are reproduced herein with
17658Sjulian * the permission of UNIX System Laboratories, Inc.
17658Sjulian *
17658Sjulian * Redistribution and use in source and binary forms, with or without
17658Sjulian * modification, are permitted provided that the following conditions
17658Sjulian * are met:
17658Sjulian * 1. Redistributions of source code must retain the above copyright
17658Sjulian *    notice, this list of conditions and the following disclaimer.
17658Sjulian * 2. Redistributions in binary form must reproduce the above copyright
17658Sjulian *    notice, this list of conditions and the following disclaimer in the
17658Sjulian *    documentation and/or other materials provided with the distribution.
17658Sjulian * 4. Neither the name of the University nor the names of its contributors
17658Sjulian *    may be used to endorse or promote products derived from this software
17658Sjulian *    without specific prior written permission.
17658Sjulian *
17658Sjulian * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17658Sjulian * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17658Sjulian * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17658Sjulian * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
17658Sjulian * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
17658Sjulian * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
17658Sjulian * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
17658Sjulian * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17658Sjulian * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
17658Sjulian * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
17658Sjulian * SUCH DAMAGE.
17658Sjulian *
17658Sjulian *	@(#)kern_shutdown.c	8.3 (Berkeley) 1/21/94
17658Sjulian */
17658Sjulian
116182Sobrien#include <sys/cdefs.h>
116182Sobrien__FBSDID("$FreeBSD: releng/11.0/sys/kern/kern_shutdown.c 302349 2016-07-05 18:34:34Z glebius $");
116182Sobrien
174921Srwatson#include "opt_ddb.h"
131927Smarcel#include "opt_kdb.h"
28976Sbde#include "opt_panic.h"
134649Sscottl#include "opt_sched.h"
221173Sattilio#include "opt_watchdog.h"
17658Sjulian
17658Sjulian#include <sys/param.h>
17658Sjulian#include <sys/systm.h>
60041Sphk#include <sys/bio.h>
31275Sbde#include <sys/buf.h>
78767Sjhb#include <sys/conf.h>
78767Sjhb#include <sys/cons.h>
78767Sjhb#include <sys/eventhandler.h>
287964Strasz#include <sys/filedesc.h>
193066Sjamie#include <sys/jail.h>
131927Smarcel#include <sys/kdb.h>
17658Sjulian#include <sys/kernel.h>
183527Speter#include <sys/kerneldump.h>
55539Sluoqi#include <sys/kthread.h>
243980Salfred#include <sys/ktr.h>
89601Ssobomax#include <sys/malloc.h>
21776Sbde#include <sys/mount.h>
164033Srwatson#include <sys/priv.h>
78767Sjhb#include <sys/proc.h>
78767Sjhb#include <sys/reboot.h>
78767Sjhb#include <sys/resourcevar.h>
248084Sattilio#include <sys/rwlock.h>
137263Speter#include <sys/sched.h>
206878Sattilio#include <sys/smp.h>
17658Sjulian#include <sys/sysctl.h>
17658Sjulian#include <sys/sysproto.h>
225448Sattilio#include <sys/vnode.h>
221173Sattilio#include <sys/watchdog.h>
17658Sjulian
174921Srwatson#include <ddb/ddb.h>
174921Srwatson
118990Smarcel#include <machine/cpu.h>
276772Smarkj#include <machine/dump.h>
94169Sphk#include <machine/pcb.h>
91778Sjake#include <machine/smp.h>
17658Sjulian
163606Srwatson#include <security/mac/mac_framework.h>
163606Srwatson
157628Spjd#include <vm/vm.h>
157628Spjd#include <vm/vm_object.h>
157628Spjd#include <vm/vm_page.h>
157628Spjd#include <vm/vm_pager.h>
157628Spjd#include <vm/swap_pager.h>
157628Spjd
17658Sjulian#include <sys/signalvar.h>
17658Sjulian
298076Scemstatic MALLOC_DEFINE(M_DUMPER, "dumper", "dumper block buffer");
298076Scem
17658Sjulian#ifndef PANIC_REBOOT_WAIT_TIME
17658Sjulian#define PANIC_REBOOT_WAIT_TIME 15 /* default to 15 seconds */
17658Sjulian#endif
258956Scpercivastatic int panic_reboot_wait_time = PANIC_REBOOT_WAIT_TIME;
267992ShselaskySYSCTL_INT(_kern, OID_AUTO, panic_reboot_wait_time, CTLFLAG_RWTUN,
258893Scperciva    &panic_reboot_wait_time, 0,
258893Scperciva    "Seconds to wait before rebooting after a panic");
17658Sjulian
17658Sjulian/*
17658Sjulian * Note that stdarg.h and the ANSI style va_start macro is used for both
17658Sjulian * ANSI and traditional C compilers.
17658Sjulian */
17658Sjulian#include <machine/stdarg.h>
17658Sjulian
131927Smarcel#ifdef KDB
131927Smarcel#ifdef KDB_UNATTENDED
42135Smsmithint debugger_on_panic = 0;
17658Sjulian#else
42135Smsmithint debugger_on_panic = 1;
17658Sjulian#endif
228475SobrienSYSCTL_INT(_debug, OID_AUTO, debugger_on_panic,
267992Shselasky    CTLFLAG_RWTUN | CTLFLAG_SECURE,
228487Sobrien    &debugger_on_panic, 0, "Run debugger on kernel panic");
103647Sjhb
131927Smarcel#ifdef KDB_TRACE
213322Savgstatic int trace_on_panic = 1;
103647Sjhb#else
213322Savgstatic int trace_on_panic = 0;
17658Sjulian#endif
228475SobrienSYSCTL_INT(_debug, OID_AUTO, trace_on_panic,
267992Shselasky    CTLFLAG_RWTUN | CTLFLAG_SECURE,
228487Sobrien    &trace_on_panic, 0, "Print stack trace on kernel panic");
131927Smarcel#endif /* KDB */
17658Sjulian
213322Savgstatic int sync_on_panic = 0;
267992ShselaskySYSCTL_INT(_kern, OID_AUTO, sync_on_panic, CTLFLAG_RWTUN,
85202Speter	&sync_on_panic, 0, "Do a sync before rebooting from a panic");
85202Speter
227309Sedstatic SYSCTL_NODE(_kern, OID_AUTO, shutdown, CTLFLAG_RW, 0,
227309Sed    "Shutdown environment");
43436Smsmith
225448Sattilio#ifndef DIAGNOSTIC
225448Sattiliostatic int show_busybufs;
225448Sattilio#else
225448Sattiliostatic int show_busybufs = 1;
225448Sattilio#endif
225448SattilioSYSCTL_INT(_kern_shutdown, OID_AUTO, show_busybufs, CTLFLAG_RW,
225448Sattilio	&show_busybufs, 0, "");
225448Sattilio
288446Scpercivaint suspend_blocked = 0;
288446ScpercivaSYSCTL_INT(_kern, OID_AUTO, suspend_blocked, CTLFLAG_RW,
288446Scperciva	&suspend_blocked, 0, "Block suspend due to a pending shutdown");
288446Scperciva
17658Sjulian/*
17658Sjulian * Variable panicstr contains argument to first call to panic; used as flag
17658Sjulian * to indicate that the kernel has already called panic.
17658Sjulian */
17658Sjulianconst char *panicstr;
17658Sjulian
93496Sphkint dumping;				/* system is dumping */
155383Sjeffint rebooting;				/* system is rebooting */
93496Sphkstatic struct dumperinfo dumper;	/* our selected dumper */
67093Sps
131927Smarcel/* Context information for dump-debuggers. */
131927Smarcelstatic struct pcb dumppcb;		/* Registers. */
235777Shartilwpid_t dumptid;			/* Thread ID. */
131927Smarcel
287964Straszstatic struct cdevsw reroot_cdevsw = {
287964Strasz     .d_version = D_VERSION,
287964Strasz     .d_name    = "reroot",
287964Strasz};
287964Strasz
65395Speterstatic void poweroff_wait(void *, int);
65395Speterstatic void shutdown_halt(void *junk, int howto);
65395Speterstatic void shutdown_panic(void *junk, int howto);
65395Speterstatic void shutdown_reset(void *junk, int howto);
287964Straszstatic int kern_reroot(void);
17658Sjulian
50107Smsmith/* register various local shutdown events */
110859Salfredstatic void
50107Smsmithshutdown_conf(void *unused)
50107Smsmith{
110859Salfred
110859Salfred	EVENTHANDLER_REGISTER(shutdown_final, poweroff_wait, NULL,
214279Sbrucec	    SHUTDOWN_PRI_FIRST);
110859Salfred	EVENTHANDLER_REGISTER(shutdown_final, shutdown_halt, NULL,
110859Salfred	    SHUTDOWN_PRI_LAST + 100);
110859Salfred	EVENTHANDLER_REGISTER(shutdown_final, shutdown_panic, NULL,
110859Salfred	    SHUTDOWN_PRI_LAST + 100);
110859Salfred	EVENTHANDLER_REGISTER(shutdown_final, shutdown_reset, NULL,
110859Salfred	    SHUTDOWN_PRI_LAST + 200);
50107Smsmith}
48868Sphk
177253SrwatsonSYSINIT(shutdown_conf, SI_SUB_INTRINSIC, SI_ORDER_ANY, shutdown_conf, NULL);
50107Smsmith
17658Sjulian/*
287964Strasz * The only reason this exists is to create the /dev/reroot/ directory,
287964Strasz * used by reroot code in init(8) as a mountpoint for tmpfs.
287964Strasz */
287964Straszstatic void
287964Straszreroot_conf(void *unused)
287964Strasz{
287964Strasz	int error;
287964Strasz	struct cdev *cdev;
287964Strasz
287964Strasz	error = make_dev_p(MAKEDEV_CHECKNAME | MAKEDEV_WAITOK, &cdev,
287964Strasz	    &reroot_cdevsw, NULL, UID_ROOT, GID_WHEEL, 0600, "reroot/reroot");
287964Strasz	if (error != 0) {
287964Strasz		printf("%s: failed to create device node, error %d",
287964Strasz		    __func__, error);
287964Strasz	}
287964Strasz}
287964Strasz
287964StraszSYSINIT(reroot_conf, SI_SUB_DEVFS, SI_ORDER_ANY, reroot_conf, NULL);
287964Strasz
287964Strasz/*
167211Srwatson * The system call that results in a reboot.
17658Sjulian */
82749Sdillon/* ARGSUSED */
17658Sjulianint
225617Skmacysys_reboot(struct thread *td, struct reboot_args *uap)
17658Sjulian{
17658Sjulian	int error;
17658Sjulian
106024Srwatson	error = 0;
106024Srwatson#ifdef MAC
172930Srwatson	error = mac_system_check_reboot(td->td_ucred, uap->opt);
106024Srwatson#endif
106024Srwatson	if (error == 0)
164033Srwatson		error = priv_check(td, PRIV_REBOOT);
106024Srwatson	if (error == 0) {
287964Strasz		if (uap->opt & RB_REROOT) {
287964Strasz			error = kern_reroot();
287964Strasz		} else {
287964Strasz			mtx_lock(&Giant);
287964Strasz			kern_reboot(uap->opt);
287964Strasz			mtx_unlock(&Giant);
287964Strasz		}
106024Srwatson	}
82749Sdillon	return (error);
17658Sjulian}
17658Sjulian
17658Sjulian/*
17658Sjulian * Called by events that want to shut down.. e.g  <CTL><ALT><DEL> on a PC
17658Sjulian */
17658Sjulianvoid
65268Smsmithshutdown_nice(int howto)
17658Sjulian{
110859Salfred
17658Sjulian	if (initproc != NULL) {
264237Sed		/* Send a signal to init(8) and have it shutdown the world. */
73913Sjhb		PROC_LOCK(initproc);
264237Sed		if (howto & RB_POWEROFF)
264237Sed			kern_psignal(initproc, SIGUSR2);
264237Sed		else if (howto & RB_HALT)
264237Sed			kern_psignal(initproc, SIGUSR1);
264237Sed		else
264237Sed			kern_psignal(initproc, SIGINT);
73913Sjhb		PROC_UNLOCK(initproc);
17658Sjulian	} else {
264237Sed		/* No init(8) running, so simply reboot. */
264240Sed		kern_reboot(howto | RB_NOSYNC);
17658Sjulian	}
17658Sjulian}
17658Sjulian
54233Sphkstatic void
65395Speterprint_uptime(void)
54233Sphk{
54233Sphk	int f;
54233Sphk	struct timespec ts;
54233Sphk
54233Sphk	getnanouptime(&ts);
54233Sphk	printf("Uptime: ");
54233Sphk	f = 0;
54233Sphk	if (ts.tv_sec >= 86400) {
65764Sjhb		printf("%ldd", (long)ts.tv_sec / 86400);
54233Sphk		ts.tv_sec %= 86400;
54233Sphk		f = 1;
54233Sphk	}
54233Sphk	if (f || ts.tv_sec >= 3600) {
65764Sjhb		printf("%ldh", (long)ts.tv_sec / 3600);
54233Sphk		ts.tv_sec %= 3600;
54233Sphk		f = 1;
54233Sphk	}
54233Sphk	if (f || ts.tv_sec >= 60) {
65764Sjhb		printf("%ldm", (long)ts.tv_sec / 60);
54233Sphk		ts.tv_sec %= 60;
54233Sphk		f = 1;
54233Sphk	}
65764Sjhb	printf("%lds\n", (long)ts.tv_sec);
54233Sphk}
54233Sphk
222801Smarcelint
222801Smarceldoadump(boolean_t textdump)
94169Sphk{
222801Smarcel	boolean_t coredump;
269105Sgavin	int error;
110859Salfred
269105Sgavin	error = 0;
222801Smarcel	if (dumping)
222801Smarcel		return (EBUSY);
222801Smarcel	if (dumper.dumper == NULL)
222801Smarcel		return (ENXIO);
132412Sjulian
94169Sphk	savectx(&dumppcb);
131927Smarcel	dumptid = curthread->td_tid;
94169Sphk	dumping++;
222801Smarcel
222801Smarcel	coredump = TRUE;
174921Srwatson#ifdef DDB
222801Smarcel	if (textdump && textdump_pending) {
222801Smarcel		coredump = FALSE;
174921Srwatson		textdump_dumpsys(&dumper);
222801Smarcel	}
174921Srwatson#endif
222801Smarcel	if (coredump)
269105Sgavin		error = dumpsys(&dumper);
222801Smarcel
176788Sru	dumping--;
269105Sgavin	return (error);
94169Sphk}
94169Sphk
17658Sjulian/*
137329Snjl * Shutdown the system cleanly to prepare for reboot, halt, or power off.
17658Sjulian */
214004Smarcelvoid
214004Smarcelkern_reboot(int howto)
17658Sjulian{
285993Sjeff	static int once = 0;
17658Sjulian
137375Smarcel#if defined(SMP)
137329Snjl	/*
137329Snjl	 * Bind us to CPU 0 so that all shutdown code runs there.  Some
137329Snjl	 * systems don't shutdown properly (i.e., ACPI power off) if we
137329Snjl	 * run on another processor.
137329Snjl	 */
228424Savg	if (!SCHEDULER_STOPPED()) {
228424Savg		thread_lock(curthread);
228424Savg		sched_bind(curthread, 0);
228424Savg		thread_unlock(curthread);
228424Savg		KASSERT(PCPU_GET(cpuid) == 0, ("boot: not running on cpu 0"));
228424Savg	}
137263Speter#endif
155383Sjeff	/* We're in the process of rebooting. */
155383Sjeff	rebooting = 1;
137263Speter
82119Sjhb	/* We are out of the debugger now. */
131927Smarcel	kdb_active = 0;
82119Sjhb
27997Sjulian	/*
27997Sjulian	 * Do any callouts that should be done BEFORE syncing the filesystems.
27997Sjulian	 */
50107Smsmith	EVENTHANDLER_INVOKE(shutdown_pre_sync, howto);
27997Sjulian
27997Sjulian	/*
27997Sjulian	 * Now sync filesystems
27997Sjulian	 */
285993Sjeff	if (!cold && (howto & RB_NOSYNC) == 0 && once == 0) {
285993Sjeff		once = 1;
285993Sjeff		bufshutdown(show_busybufs);
17658Sjulian	}
27997Sjulian
54233Sphk	print_uptime();
54233Sphk
228632Savg	cngrab();
228632Savg
27997Sjulian	/*
27997Sjulian	 * Ok, now do things that assume all filesystem activity has
27997Sjulian	 * been completed.
27997Sjulian	 */
50107Smsmith	EVENTHANDLER_INVOKE(shutdown_post_sync, howto);
137329Snjl
132412Sjulian	if ((howto & (RB_HALT|RB_DUMP)) == RB_DUMP && !cold && !dumping)
222801Smarcel		doadump(TRUE);
39237Sgibbs
39237Sgibbs	/* Now that we're going to really halt the system... */
50107Smsmith	EVENTHANDLER_INVOKE(shutdown_final, howto);
39237Sgibbs
50107Smsmith	for(;;) ;	/* safety against shutdown_reset not working */
50107Smsmith	/* NOTREACHED */
50107Smsmith}
50107Smsmith
50107Smsmith/*
287964Strasz * The system call that results in changing the rootfs.
287964Strasz */
287964Straszstatic int
287964Straszkern_reroot(void)
287964Strasz{
287964Strasz	struct vnode *oldrootvnode, *vp;
287964Strasz	struct mount *mp, *devmp;
287964Strasz	int error;
287964Strasz
287964Strasz	if (curproc != initproc)
287964Strasz		return (EPERM);
287964Strasz
287964Strasz	/*
287964Strasz	 * Mark the filesystem containing currently-running executable
287964Strasz	 * (the temporary copy of init(8)) busy.
287964Strasz	 */
287964Strasz	vp = curproc->p_textvp;
287964Strasz	error = vn_lock(vp, LK_SHARED);
287964Strasz	if (error != 0)
287964Strasz		return (error);
287964Strasz	mp = vp->v_mount;
287964Strasz	error = vfs_busy(mp, MBF_NOWAIT);
287964Strasz	if (error != 0) {
287964Strasz		vfs_ref(mp);
287964Strasz		VOP_UNLOCK(vp, 0);
287964Strasz		error = vfs_busy(mp, 0);
287964Strasz		vn_lock(vp, LK_SHARED | LK_RETRY);
287964Strasz		vfs_rel(mp);
287964Strasz		if (error != 0) {
287964Strasz			VOP_UNLOCK(vp, 0);
287964Strasz			return (ENOENT);
287964Strasz		}
287964Strasz		if (vp->v_iflag & VI_DOOMED) {
287964Strasz			VOP_UNLOCK(vp, 0);
287964Strasz			vfs_unbusy(mp);
287964Strasz			return (ENOENT);
287964Strasz		}
287964Strasz	}
287964Strasz	VOP_UNLOCK(vp, 0);
287964Strasz
287964Strasz	/*
287964Strasz	 * Remove the filesystem containing currently-running executable
287964Strasz	 * from the mount list, to prevent it from being unmounted
287964Strasz	 * by vfs_unmountall(), and to avoid confusing vfs_mountroot().
287964Strasz	 *
287964Strasz	 * Also preserve /dev - forcibly unmounting it could cause driver
287964Strasz	 * reinitialization.
287964Strasz	 */
287964Strasz
287964Strasz	vfs_ref(rootdevmp);
287964Strasz	devmp = rootdevmp;
287964Strasz	rootdevmp = NULL;
287964Strasz
287964Strasz	mtx_lock(&mountlist_mtx);
287964Strasz	TAILQ_REMOVE(&mountlist, mp, mnt_list);
287964Strasz	TAILQ_REMOVE(&mountlist, devmp, mnt_list);
287964Strasz	mtx_unlock(&mountlist_mtx);
287964Strasz
287964Strasz	oldrootvnode = rootvnode;
287964Strasz
287964Strasz	/*
287964Strasz	 * Unmount everything except for the two filesystems preserved above.
287964Strasz	 */
287964Strasz	vfs_unmountall();
287964Strasz
287964Strasz	/*
287964Strasz	 * Add /dev back; vfs_mountroot() will move it into its new place.
287964Strasz	 */
287964Strasz	mtx_lock(&mountlist_mtx);
287964Strasz	TAILQ_INSERT_HEAD(&mountlist, devmp, mnt_list);
287964Strasz	mtx_unlock(&mountlist_mtx);
287964Strasz	rootdevmp = devmp;
287964Strasz	vfs_rel(rootdevmp);
287964Strasz
287964Strasz	/*
287964Strasz	 * Mount the new rootfs.
287964Strasz	 */
287964Strasz	vfs_mountroot();
287964Strasz
287964Strasz	/*
287964Strasz	 * Update all references to the old rootvnode.
287964Strasz	 */
287964Strasz	mountcheckdirs(oldrootvnode, rootvnode);
287964Strasz
287964Strasz	/*
287964Strasz	 * Add the temporary filesystem back and unbusy it.
287964Strasz	 */
287964Strasz	mtx_lock(&mountlist_mtx);
287964Strasz	TAILQ_INSERT_TAIL(&mountlist, mp, mnt_list);
287964Strasz	mtx_unlock(&mountlist_mtx);
287964Strasz	vfs_unbusy(mp);
287964Strasz
287964Strasz	return (0);
287964Strasz}
287964Strasz
287964Strasz/*
50107Smsmith * If the shutdown was a clean halt, behave accordingly.
50107Smsmith */
50107Smsmithstatic void
50107Smsmithshutdown_halt(void *junk, int howto)
50107Smsmith{
110859Salfred
17658Sjulian	if (howto & RB_HALT) {
17658Sjulian		printf("\n");
17658Sjulian		printf("The operating system has halted.\n");
17658Sjulian		printf("Please press any key to reboot.\n\n");
19274Sjulian		switch (cngetc()) {
19274Sjulian		case -1:		/* No console, just die */
19274Sjulian			cpu_halt();
19274Sjulian			/* NOTREACHED */
19274Sjulian		default:
39237Sgibbs			howto &= ~RB_HALT;
19274Sjulian			break;
19274Sjulian		}
50107Smsmith	}
50107Smsmith}
17658Sjulian
50107Smsmith/*
50107Smsmith * Check to see if the system paniced, pause and then reboot
50107Smsmith * according to the specified delay.
50107Smsmith */
50107Smsmithstatic void
50107Smsmithshutdown_panic(void *junk, int howto)
50107Smsmith{
50107Smsmith	int loop;
50107Smsmith
50107Smsmith	if (howto & RB_DUMP) {
258893Scperciva		if (panic_reboot_wait_time != 0) {
258893Scperciva			if (panic_reboot_wait_time != -1) {
39237Sgibbs				printf("Automatic reboot in %d seconds - "
39237Sgibbs				       "press a key on the console to abort\n",
258893Scperciva					panic_reboot_wait_time);
258893Scperciva				for (loop = panic_reboot_wait_time * 10;
39237Sgibbs				     loop > 0; --loop) {
39237Sgibbs					DELAY(1000 * 100); /* 1/10th second */
39237Sgibbs					/* Did user type a key? */
39237Sgibbs					if (cncheckc() != -1)
39237Sgibbs						break;
17658Sjulian				}
39237Sgibbs				if (!loop)
50107Smsmith					return;
17658Sjulian			}
39237Sgibbs		} else { /* zero time specified - reboot NOW */
50107Smsmith			return;
17658Sjulian		}
89522Snik		printf("--> Press a key on the console to reboot,\n");
89522Snik		printf("--> or switch off the system now.\n");
39237Sgibbs		cngetc();
17658Sjulian	}
50107Smsmith}
50107Smsmith
50107Smsmith/*
50107Smsmith * Everything done, now reset
50107Smsmith */
50107Smsmithstatic void
50107Smsmithshutdown_reset(void *junk, int howto)
50107Smsmith{
110859Salfred
206878Sattilio	printf("Rebooting...\n");
206878Sattilio	DELAY(1000000);	/* wait 1 sec for printf's to complete and be read */
206878Sattilio
196196Sattilio	/*
206878Sattilio	 * Acquiring smp_ipi_mtx here has a double effect:
206878Sattilio	 * - it disables interrupts avoiding CPU0 preemption
206878Sattilio	 *   by fast handlers (thus deadlocking  against other CPUs)
206878Sattilio	 * - it avoids deadlocks against smp_rendezvous() or, more
206878Sattilio	 *   generally, threads busy-waiting, with this spinlock held,
206878Sattilio	 *   and waiting for responses by threads on other CPUs
206878Sattilio	 *   (ie. smp_tlb_shootdown()).
206897Sattilio	 *
206897Sattilio	 * For the !SMP case it just needs to handle the former problem.
196196Sattilio	 */
206897Sattilio#ifdef SMP
206878Sattilio	mtx_lock_spin(&smp_ipi_mtx);
206897Sattilio#else
206897Sattilio	spinlock_enter();
206897Sattilio#endif
196196Sattilio
17677Sjulian	/* cpu_boot(howto); */ /* doesn't do anything at the moment */
17658Sjulian	cpu_reset();
50107Smsmith	/* NOTREACHED */ /* assuming reset worked */
17658Sjulian}
17658Sjulian
302349Sglebius#if defined(WITNESS) || defined(INVARIANT_SUPPORT)
243980Salfredstatic int kassert_warn_only = 0;
244099Salfred#ifdef KDB
244099Salfredstatic int kassert_do_kdb = 0;
244099Salfred#endif
243980Salfred#ifdef KTR
243980Salfredstatic int kassert_do_ktr = 0;
243980Salfred#endif
243980Salfredstatic int kassert_do_log = 1;
243980Salfredstatic int kassert_log_pps_limit = 4;
243980Salfredstatic int kassert_log_mute_at = 0;
243980Salfredstatic int kassert_log_panic_at = 0;
243980Salfredstatic int kassert_warnings = 0;
243980Salfred
243980SalfredSYSCTL_NODE(_debug, OID_AUTO, kassert, CTLFLAG_RW, NULL, "kassert options");
243980Salfred
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, warn_only, CTLFLAG_RWTUN,
243980Salfred    &kassert_warn_only, 0,
243980Salfred    "KASSERT triggers a panic (1) or just a warning (0)");
243980Salfred
244099Salfred#ifdef KDB
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, do_kdb, CTLFLAG_RWTUN,
244099Salfred    &kassert_do_kdb, 0, "KASSERT will enter the debugger");
244099Salfred#endif
244099Salfred
243980Salfred#ifdef KTR
267992ShselaskySYSCTL_UINT(_debug_kassert, OID_AUTO, do_ktr, CTLFLAG_RWTUN,
243980Salfred    &kassert_do_ktr, 0,
243980Salfred    "KASSERT does a KTR, set this to the KTRMASK you want");
243980Salfred#endif
243980Salfred
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, do_log, CTLFLAG_RWTUN,
243980Salfred    &kassert_do_log, 0, "KASSERT triggers a panic (1) or just a warning (0)");
243980Salfred
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, warnings, CTLFLAG_RWTUN,
243980Salfred    &kassert_warnings, 0, "number of KASSERTs that have been triggered");
243980Salfred
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, log_panic_at, CTLFLAG_RWTUN,
243980Salfred    &kassert_log_panic_at, 0, "max number of KASSERTS before we will panic");
243980Salfred
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, log_pps_limit, CTLFLAG_RWTUN,
243980Salfred    &kassert_log_pps_limit, 0, "limit number of log messages per second");
243980Salfred
267992ShselaskySYSCTL_INT(_debug_kassert, OID_AUTO, log_mute_at, CTLFLAG_RWTUN,
243980Salfred    &kassert_log_mute_at, 0, "max number of KASSERTS to log");
243980Salfred
243980Salfredstatic int kassert_sysctl_kassert(SYSCTL_HANDLER_ARGS);
243980Salfred
243980SalfredSYSCTL_PROC(_debug_kassert, OID_AUTO, kassert,
243980Salfred    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_SECURE, NULL, 0,
243980Salfred    kassert_sysctl_kassert, "I", "set to trigger a test kassert");
243980Salfred
243980Salfredstatic int
243980Salfredkassert_sysctl_kassert(SYSCTL_HANDLER_ARGS)
243980Salfred{
243980Salfred	int error, i;
243980Salfred
243980Salfred	error = sysctl_wire_old_buffer(req, sizeof(int));
243980Salfred	if (error == 0) {
243980Salfred		i = 0;
243980Salfred		error = sysctl_handle_int(oidp, &i, 0, req);
243980Salfred	}
243980Salfred	if (error != 0 || req->newptr == NULL)
243980Salfred		return (error);
243980Salfred	KASSERT(0, ("kassert_sysctl_kassert triggered kassert %d", i));
243980Salfred	return (0);
243980Salfred}
243980Salfred
17658Sjulian/*
243980Salfred * Called by KASSERT, this decides if we will panic
243980Salfred * or if we will log via printf and/or ktr.
243980Salfred */
243980Salfredvoid
243980Salfredkassert_panic(const char *fmt, ...)
243980Salfred{
243980Salfred	static char buf[256];
243980Salfred	va_list ap;
243980Salfred
243980Salfred	va_start(ap, fmt);
243980Salfred	(void)vsnprintf(buf, sizeof(buf), fmt, ap);
243980Salfred	va_end(ap);
243980Salfred
243980Salfred	/*
243980Salfred	 * panic if we're not just warning, or if we've exceeded
243980Salfred	 * kassert_log_panic_at warnings.
243980Salfred	 */
243980Salfred	if (!kassert_warn_only ||
243980Salfred	    (kassert_log_panic_at > 0 &&
243980Salfred	     kassert_warnings >= kassert_log_panic_at)) {
243980Salfred		va_start(ap, fmt);
243980Salfred		vpanic(fmt, ap);
243980Salfred		/* NORETURN */
243980Salfred	}
243980Salfred#ifdef KTR
243980Salfred	if (kassert_do_ktr)
243980Salfred		CTR0(ktr_mask, buf);
243980Salfred#endif /* KTR */
243980Salfred	/*
243980Salfred	 * log if we've not yet met the mute limit.
243980Salfred	 */
243980Salfred	if (kassert_do_log &&
243980Salfred	    (kassert_log_mute_at == 0 ||
243980Salfred	     kassert_warnings < kassert_log_mute_at)) {
243980Salfred		static  struct timeval lasterr;
243980Salfred		static  int curerr;
243980Salfred
243980Salfred		if (ppsratecheck(&lasterr, &curerr, kassert_log_pps_limit)) {
243980Salfred			printf("KASSERT failed: %s\n", buf);
243980Salfred			kdb_backtrace();
243980Salfred		}
243980Salfred	}
244099Salfred#ifdef KDB
244099Salfred	if (kassert_do_kdb) {
244099Salfred		kdb_enter(KDB_WHY_KASSERT, buf);
244099Salfred	}
244099Salfred#endif
243980Salfred	atomic_add_int(&kassert_warnings, 1);
243980Salfred}
243980Salfred#endif
243980Salfred
243980Salfred/*
17658Sjulian * Panic is called on unresolvable fatal errors.  It prints "panic: mesg",
17658Sjulian * and then reboots.  If we are called twice, then we avoid trying to sync
17658Sjulian * the disks as this often leads to recursive panics.
17658Sjulian */
17658Sjulianvoid
130164Sphkpanic(const char *fmt, ...)
17658Sjulian{
243980Salfred	va_list ap;
243980Salfred
243980Salfred	va_start(ap, fmt);
243980Salfred	vpanic(fmt, ap);
243980Salfred}
243980Salfred
281915Smarkjvoid
243980Salfredvpanic(const char *fmt, va_list ap)
243980Salfred{
213648Savg#ifdef SMP
228424Savg	cpuset_t other_cpus;
213648Savg#endif
100209Sgallatin	struct thread *td = curthread;
103647Sjhb	int bootopt, newpanic;
38874Sache	static char buf[256];
17658Sjulian
243515Savg	spinlock_enter();
228424Savg
65557Sjasone#ifdef SMP
82115Sjhb	/*
243515Savg	 * stop_cpus_hard(other_cpus) should prevent multiple CPUs from
243515Savg	 * concurrently entering panic.  Only the winner will proceed
243515Savg	 * further.
82115Sjhb	 */
243515Savg	if (panicstr == NULL && !kdb_active) {
243515Savg		other_cpus = all_cpus;
243515Savg		CPU_CLR(PCPU_GET(cpuid), &other_cpus);
243515Savg		stop_cpus_hard(other_cpus);
243515Savg	}
228424Savg
243515Savg	/*
282332Smarkj	 * Ensure that the scheduler is stopped while panicking, even if panic
282332Smarkj	 * has been entered from kdb.
243515Savg	 */
243515Savg	td->td_stopsched = 1;
65557Sjasone#endif
65557Sjasone
222865Sattilio	bootopt = RB_AUTOBOOT;
103647Sjhb	newpanic = 0;
17658Sjulian	if (panicstr)
17658Sjulian		bootopt |= RB_NOSYNC;
103647Sjhb	else {
222865Sattilio		bootopt |= RB_DUMP;
17658Sjulian		panicstr = fmt;
103647Sjhb		newpanic = 1;
103647Sjhb	}
17658Sjulian
116398Siedowse	if (newpanic) {
116398Siedowse		(void)vsnprintf(buf, sizeof(buf), fmt, ap);
38874Sache		panicstr = buf;
228632Savg		cngrab();
130164Sphk		printf("panic: %s\n", buf);
116398Siedowse	} else {
116398Siedowse		printf("panic: ");
116398Siedowse		vprintf(fmt, ap);
130164Sphk		printf("\n");
116398Siedowse	}
26100Sfsmp#ifdef SMP
134089Sjhb	printf("cpuid = %d\n", PCPU_GET(cpuid));
26100Sfsmp#endif
17658Sjulian
131927Smarcel#ifdef KDB
103647Sjhb	if (newpanic && trace_on_panic)
131927Smarcel		kdb_backtrace();
17658Sjulian	if (debugger_on_panic)
174898Srwatson		kdb_enter(KDB_WHY_PANIC, "panic");
17658Sjulian#endif
170307Sjeff	/*thread_lock(td); */
100209Sgallatin	td->td_flags |= TDF_INPANIC;
170307Sjeff	/* thread_unlock(td); */
85202Speter	if (!sync_on_panic)
85202Speter		bootopt |= RB_NOSYNC;
214004Smarcel	kern_reboot(bootopt);
17658Sjulian}
17658Sjulian
17768Sjulian/*
43436Smsmith * Support for poweroff delay.
197071Sn_hibma *
197071Sn_hibma * Please note that setting this delay too short might power off your machine
197071Sn_hibma * before the write cache on your hard disk has been flushed, leading to
197071Sn_hibma * soft-updates inconsistencies.
43436Smsmith */
54248Smsmith#ifndef POWEROFF_DELAY
54248Smsmith# define POWEROFF_DELAY 5000
54248Smsmith#endif
54248Smsmithstatic int poweroff_delay = POWEROFF_DELAY;
54248Smsmith
43436SmsmithSYSCTL_INT(_kern_shutdown, OID_AUTO, poweroff_delay, CTLFLAG_RW,
228449Seadler    &poweroff_delay, 0, "Delay before poweroff to write disk caches (msec)");
43436Smsmith
110859Salfredstatic void
50107Smsmithpoweroff_wait(void *junk, int howto)
43436Smsmith{
110859Salfred
110859Salfred	if (!(howto & RB_POWEROFF) || poweroff_delay <= 0)
43436Smsmith		return;
43436Smsmith	DELAY(poweroff_delay * 1000);
43436Smsmith}
55539Sluoqi
55539Sluoqi/*
55539Sluoqi * Some system processes (e.g. syncer) need to be stopped at appropriate
55539Sluoqi * points in their main loops prior to a system shutdown, so that they
55539Sluoqi * won't interfere with the shutdown process (e.g. by holding a disk buf
55539Sluoqi * to cause sync to fail).  For each of these system processes, register
55539Sluoqi * shutdown_kproc() as a handler for one of shutdown events.
55539Sluoqi */
55539Sluoqistatic int kproc_shutdown_wait = 60;
55539SluoqiSYSCTL_INT(_kern_shutdown, OID_AUTO, kproc_shutdown_wait, CTLFLAG_RW,
228449Seadler    &kproc_shutdown_wait, 0, "Max wait time (sec) to stop for each process");
55539Sluoqi
55539Sluoqivoid
70063Sjhbkproc_shutdown(void *arg, int howto)
55539Sluoqi{
55539Sluoqi	struct proc *p;
55539Sluoqi	int error;
55539Sluoqi
55539Sluoqi	if (panicstr)
55539Sluoqi		return;
55539Sluoqi
55539Sluoqi	p = (struct proc *)arg;
301040Strasz	printf("Waiting (max %d seconds) for system process `%s' to stop... ",
198408Sjhb	    kproc_shutdown_wait, p->p_comm);
172836Sjulian	error = kproc_suspend(p, kproc_shutdown_wait * hz);
55539Sluoqi
55539Sluoqi	if (error == EWOULDBLOCK)
132866Snjl		printf("timed out\n");
55539Sluoqi	else
132866Snjl		printf("done\n");
55539Sluoqi}
93496Sphk
173004Sjulianvoid
173004Sjuliankthread_shutdown(void *arg, int howto)
173004Sjulian{
173004Sjulian	struct thread *td;
173004Sjulian	int error;
173004Sjulian
173004Sjulian	if (panicstr)
173004Sjulian		return;
173004Sjulian
173004Sjulian	td = (struct thread *)arg;
301040Strasz	printf("Waiting (max %d seconds) for system thread `%s' to stop... ",
198408Sjhb	    kproc_shutdown_wait, td->td_name);
173004Sjulian	error = kthread_suspend(td, kproc_shutdown_wait * hz);
173004Sjulian
173004Sjulian	if (error == EWOULDBLOCK)
173004Sjulian		printf("timed out\n");
173004Sjulian	else
173004Sjulian		printf("done\n");
173004Sjulian}
173004Sjulian
242439Salfredstatic char dumpdevname[sizeof(((struct cdev*)NULL)->si_name)];
242439SalfredSYSCTL_STRING(_kern_shutdown, OID_AUTO, dumpdevname, CTLFLAG_RD,
242439Salfred    dumpdevname, 0, "Device for kernel dumps");
242439Salfred
93496Sphk/* Registration of dumpers */
93496Sphkint
274366Spjdset_dumper(struct dumperinfo *di, const char *devname, struct thread *td)
93496Sphk{
242489Salfred	size_t wantcopy;
274366Spjd	int error;
110859Salfred
274366Spjd	error = priv_check(td, PRIV_SETDUMPER);
274366Spjd	if (error != 0)
274366Spjd		return (error);
274366Spjd
93496Sphk	if (di == NULL) {
298076Scem		if (dumper.blockbuf != NULL)
298076Scem			free(dumper.blockbuf, M_DUMPER);
298076Scem		bzero(&dumper, sizeof(dumper));
242439Salfred		dumpdevname[0] = '\0';
93496Sphk		return (0);
93496Sphk	}
93496Sphk	if (dumper.dumper != NULL)
93496Sphk		return (EBUSY);
93496Sphk	dumper = *di;
242489Salfred	wantcopy = strlcpy(dumpdevname, devname, sizeof(dumpdevname));
242489Salfred	if (wantcopy >= sizeof(dumpdevname)) {
242439Salfred		printf("set_dumper: device name truncated from '%s' -> '%s'\n",
242439Salfred			devname, dumpdevname);
242439Salfred	}
298076Scem	dumper.blockbuf = malloc(di->blocksize, M_DUMPER, M_WAITOK | M_ZERO);
93496Sphk	return (0);
93496Sphk}
93496Sphk
175768Sru/* Call dumper with bounds checking. */
175768Sruint
175768Srudump_write(struct dumperinfo *di, void *virtual, vm_offset_t physical,
175768Sru    off_t offset, size_t length)
175768Sru{
175768Sru
175768Sru	if (length != 0 && (offset < di->mediaoffset ||
175768Sru	    offset - di->mediaoffset + length > di->mediasize)) {
225516Sattilio		printf("Attempt to write outside dump device boundaries.\n"
225516Sattilio	    "offset(%jd), mediaoffset(%jd), length(%ju), mediasize(%jd).\n",
225516Sattilio		    (intmax_t)offset, (intmax_t)di->mediaoffset,
225516Sattilio		    (uintmax_t)length, (intmax_t)di->mediasize);
225516Sattilio		return (ENOSPC);
175768Sru	}
175768Sru	return (di->dumper(di->priv, virtual, physical, offset, length));
175768Sru}
175768Sru
298076Scem/* Call dumper with bounds checking. */
298076Scemint
298076Scemdump_write_pad(struct dumperinfo *di, void *virtual, vm_offset_t physical,
298076Scem    off_t offset, size_t length, size_t *size)
298076Scem{
298076Scem	char *temp;
298076Scem	int ret;
298076Scem
298076Scem	if (length > di->blocksize)
298076Scem		return (ENOMEM);
298076Scem
298076Scem	*size = di->blocksize;
298076Scem	if (length == di->blocksize)
298076Scem		temp = virtual;
298076Scem	else {
298076Scem		temp = di->blockbuf;
298076Scem		memset(temp + length, 0, di->blocksize - length);
298076Scem		memcpy(temp, virtual, length);
298076Scem	}
298076Scem	ret = dump_write(di, temp, physical, offset, *size);
298076Scem
298076Scem	return (ret);
298076Scem}
298076Scem
298076Scem
93496Sphkvoid
183527Spetermkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver,
183527Speter    uint64_t dumplen, uint32_t blksz)
183527Speter{
183527Speter
183527Speter	bzero(kdh, sizeof(*kdh));
283115Sasomers	strlcpy(kdh->magic, magic, sizeof(kdh->magic));
283115Sasomers	strlcpy(kdh->architecture, MACHINE_ARCH, sizeof(kdh->architecture));
183527Speter	kdh->version = htod32(KERNELDUMPVERSION);
183527Speter	kdh->architectureversion = htod32(archver);
183527Speter	kdh->dumplength = htod64(dumplen);
183527Speter	kdh->dumptime = htod64(time_second);
183527Speter	kdh->blocksize = htod32(blksz);
283115Sasomers	strlcpy(kdh->hostname, prison0.pr_hostname, sizeof(kdh->hostname));
283115Sasomers	strlcpy(kdh->versionstring, version, sizeof(kdh->versionstring));
183527Speter	if (panicstr != NULL)
283115Sasomers		strlcpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
183527Speter	kdh->parity = kerneldump_parity(kdh);
183527Speter}
301522Sbz
301522Sbz#ifdef DDB
301522SbzDB_SHOW_COMMAND(panic, db_show_panic)
301522Sbz{
301522Sbz
301522Sbz	if (panicstr == NULL)
301522Sbz		db_printf("panicstr not set\n");
301522Sbz	else
301522Sbz		db_printf("panic: %s\n", panicstr);
301522Sbz}
301522Sbz#endif