1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/kernel/reboot.c 4 * 5 * Copyright (C) 2013 Linus Torvalds 6 */ 7 8 #define pr_fmt(fmt) "reboot: " fmt 9 10 #include <linux/atomic.h> 11 #include <linux/ctype.h> 12 #include <linux/export.h> 13 #include <linux/kexec.h> 14 #include <linux/kmod.h> 15 #include <linux/kmsg_dump.h> 16 #include <linux/reboot.h> 17 #include <linux/suspend.h> 18 #include <linux/syscalls.h> 19 #include <linux/syscore_ops.h> 20 #include <linux/uaccess.h> 21 22 /* 23 * this indicates whether you can reboot with ctrl-alt-del: the default is yes 24 */ 25 26 static int C_A_D = 1; 27 struct pid *cad_pid; 28 EXPORT_SYMBOL(cad_pid); 29 30 #if defined(CONFIG_ARM) 31 #define DEFAULT_REBOOT_MODE = REBOOT_HARD 32 #else 33 #define DEFAULT_REBOOT_MODE 34 #endif 35 enum reboot_mode reboot_mode DEFAULT_REBOOT_MODE; 36 EXPORT_SYMBOL_GPL(reboot_mode); 37 enum reboot_mode panic_reboot_mode = REBOOT_UNDEFINED; 38 39 static enum hw_protection_action hw_protection_action = HWPROT_ACT_SHUTDOWN; 40 41 /* 42 * This variable is used privately to keep track of whether or not 43 * reboot_type is still set to its default value (i.e., reboot= hasn't 44 * been set on the command line). This is needed so that we can 45 * suppress DMI scanning for reboot quirks. Without it, it's 46 * impossible to override a faulty reboot quirk without recompiling. 47 */ 48 int reboot_default = 1; 49 int reboot_cpu; 50 enum reboot_type reboot_type = BOOT_ACPI; 51 int reboot_force; 52 53 struct sys_off_handler { 54 struct notifier_block nb; 55 int (*sys_off_cb)(struct sys_off_data *data); 56 void *cb_data; 57 enum sys_off_mode mode; 58 bool blocking; 59 void *list; 60 struct device *dev; 61 }; 62 63 /* 64 * This variable is used to indicate if a halt was initiated instead of a 65 * reboot when the reboot call was invoked with LINUX_REBOOT_CMD_POWER_OFF, but 66 * the system cannot be powered off. This allowes kernel_halt() to notify users 67 * of that. 68 */ 69 static bool poweroff_fallback_to_halt; 70 71 /* 72 * Temporary stub that prevents linkage failure while we're in process 73 * of removing all uses of legacy pm_power_off() around the kernel. 74 */ 75 void __weak (*pm_power_off)(void); 76 77 /* 78 * Notifier list for kernel code which wants to be called 79 * at shutdown. This is used to stop any idling DMA operations 80 * and the like. 81 */ 82 static BLOCKING_NOTIFIER_HEAD(reboot_notifier_list); 83 84 /** 85 * emergency_restart - reboot the system 86 * 87 * Without shutting down any hardware or taking any locks 88 * reboot the system. This is called when we know we are in 89 * trouble so this is our best effort to reboot. This is 90 * safe to call in interrupt context. 91 */ 92 void emergency_restart(void) 93 { 94 kmsg_dump(KMSG_DUMP_EMERG); 95 system_state = SYSTEM_RESTART; 96 machine_emergency_restart(); 97 } 98 EXPORT_SYMBOL_GPL(emergency_restart); 99 100 void kernel_restart_prepare(char *cmd) 101 { 102 blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd); 103 system_state = SYSTEM_RESTART; 104 usermodehelper_disable(); 105 device_shutdown(); 106 } 107 108 /** 109 * register_reboot_notifier - Register function to be called at reboot time 110 * @nb: Info about notifier function to be called 111 * 112 * Registers a function with the list of functions 113 * to be called at reboot time. 114 * 115 * Currently always returns zero, as blocking_notifier_chain_register() 116 * always returns zero. 117 */ 118 int register_reboot_notifier(struct notifier_block *nb) 119 { 120 return blocking_notifier_chain_register(&reboot_notifier_list, nb); 121 } 122 EXPORT_SYMBOL(register_reboot_notifier); 123 124 /** 125 * unregister_reboot_notifier - Unregister previously registered reboot notifier 126 * @nb: Hook to be unregistered 127 * 128 * Unregisters a previously registered reboot 129 * notifier function. 130 * 131 * Returns zero on success, or %-ENOENT on failure. 132 */ 133 int unregister_reboot_notifier(struct notifier_block *nb) 134 { 135 return blocking_notifier_chain_unregister(&reboot_notifier_list, nb); 136 } 137 EXPORT_SYMBOL(unregister_reboot_notifier); 138 139 static void devm_unregister_reboot_notifier(struct device *dev, void *res) 140 { 141 WARN_ON(unregister_reboot_notifier(*(struct notifier_block **)res)); 142 } 143 144 int devm_register_reboot_notifier(struct device *dev, struct notifier_block *nb) 145 { 146 struct notifier_block **rcnb; 147 int ret; 148 149 rcnb = devres_alloc(devm_unregister_reboot_notifier, 150 sizeof(*rcnb), GFP_KERNEL); 151 if (!rcnb) 152 return -ENOMEM; 153 154 ret = register_reboot_notifier(nb); 155 if (!ret) { 156 *rcnb = nb; 157 devres_add(dev, rcnb); 158 } else { 159 devres_free(rcnb); 160 } 161 162 return ret; 163 } 164 EXPORT_SYMBOL(devm_register_reboot_notifier); 165 166 /* 167 * Notifier list for kernel code which wants to be called 168 * to restart the system. 169 */ 170 static ATOMIC_NOTIFIER_HEAD(restart_handler_list); 171 172 /** 173 * register_restart_handler - Register function to be called to reset 174 * the system 175 * @nb: Info about handler function to be called 176 * @nb->priority: Handler priority. Handlers should follow the 177 * following guidelines for setting priorities. 178 * 0: Restart handler of last resort, 179 * with limited restart capabilities 180 * 128: Default restart handler; use if no other 181 * restart handler is expected to be available, 182 * and/or if restart functionality is 183 * sufficient to restart the entire system 184 * 255: Highest priority restart handler, will 185 * preempt all other restart handlers 186 * 187 * Registers a function with code to be called to restart the 188 * system. 189 * 190 * Registered functions will be called from machine_restart as last 191 * step of the restart sequence (if the architecture specific 192 * machine_restart function calls do_kernel_restart - see below 193 * for details). 194 * Registered functions are expected to restart the system immediately. 195 * If more than one function is registered, the restart handler priority 196 * selects which function will be called first. 197 * 198 * Restart handlers are expected to be registered from non-architecture 199 * code, typically from drivers. A typical use case would be a system 200 * where restart functionality is provided through a watchdog. Multiple 201 * restart handlers may exist; for example, one restart handler might 202 * restart the entire system, while another only restarts the CPU. 203 * In such cases, the restart handler which only restarts part of the 204 * hardware is expected to register with low priority to ensure that 205 * it only runs if no other means to restart the system is available. 206 * 207 * Currently always returns zero, as atomic_notifier_chain_register() 208 * always returns zero. 209 */ 210 int register_restart_handler(struct notifier_block *nb) 211 { 212 return atomic_notifier_chain_register(&restart_handler_list, nb); 213 } 214 EXPORT_SYMBOL(register_restart_handler); 215 216 /** 217 * unregister_restart_handler - Unregister previously registered 218 * restart handler 219 * @nb: Hook to be unregistered 220 * 221 * Unregisters a previously registered restart handler function. 222 * 223 * Returns zero on success, or %-ENOENT on failure. 224 */ 225 int unregister_restart_handler(struct notifier_block *nb) 226 { 227 return atomic_notifier_chain_unregister(&restart_handler_list, nb); 228 } 229 EXPORT_SYMBOL(unregister_restart_handler); 230 231 /** 232 * do_kernel_restart - Execute kernel restart handler call chain 233 * 234 * @cmd: pointer to buffer containing command to execute for restart 235 * or %NULL 236 * 237 * Calls functions registered with register_restart_handler. 238 * 239 * Expected to be called from machine_restart as last step of the restart 240 * sequence. 241 * 242 * Restarts the system immediately if a restart handler function has been 243 * registered. Otherwise does nothing. 244 */ 245 void do_kernel_restart(char *cmd) 246 { 247 atomic_notifier_call_chain(&restart_handler_list, reboot_mode, cmd); 248 } 249 250 void migrate_to_reboot_cpu(void) 251 { 252 /* The boot cpu is always logical cpu 0 */ 253 int cpu = reboot_cpu; 254 255 cpu_hotplug_disable(); 256 257 /* Make certain the cpu I'm about to reboot on is online */ 258 if (!cpu_online(cpu)) 259 cpu = cpumask_first(cpu_online_mask); 260 261 /* Prevent races with other tasks migrating this task */ 262 current->flags |= PF_NO_SETAFFINITY; 263 264 /* Make certain I only run on the appropriate processor */ 265 set_cpus_allowed_ptr(current, cpumask_of(cpu)); 266 } 267 268 /* 269 * Notifier list for kernel code which wants to be called 270 * to prepare system for restart. 271 */ 272 static BLOCKING_NOTIFIER_HEAD(restart_prep_handler_list); 273 274 static void do_kernel_restart_prepare(void) 275 { 276 blocking_notifier_call_chain(&restart_prep_handler_list, 0, NULL); 277 } 278 279 /** 280 * kernel_restart - reboot the system 281 * @cmd: pointer to buffer containing command to execute for restart 282 * or %NULL 283 * 284 * Shutdown everything and perform a clean reboot. 285 * This is not safe to call in interrupt context. 286 */ 287 void kernel_restart(char *cmd) 288 { 289 kernel_restart_prepare(cmd); 290 do_kernel_restart_prepare(); 291 migrate_to_reboot_cpu(); 292 syscore_shutdown(); 293 if (!cmd) 294 pr_emerg("Restarting system\n"); 295 else 296 pr_emerg("Restarting system with command '%s'\n", cmd); 297 kmsg_dump(KMSG_DUMP_SHUTDOWN); 298 machine_restart(cmd); 299 } 300 EXPORT_SYMBOL_GPL(kernel_restart); 301 302 static void kernel_shutdown_prepare(enum system_states state) 303 { 304 blocking_notifier_call_chain(&reboot_notifier_list, 305 (state == SYSTEM_HALT) ? SYS_HALT : SYS_POWER_OFF, NULL); 306 system_state = state; 307 usermodehelper_disable(); 308 device_shutdown(); 309 } 310 /** 311 * kernel_halt - halt the system 312 * 313 * Shutdown everything and perform a clean system halt. 314 */ 315 void kernel_halt(void) 316 { 317 kernel_shutdown_prepare(SYSTEM_HALT); 318 migrate_to_reboot_cpu(); 319 syscore_shutdown(); 320 if (poweroff_fallback_to_halt) 321 pr_emerg("Power off not available: System halted instead\n"); 322 else 323 pr_emerg("System halted\n"); 324 kmsg_dump(KMSG_DUMP_SHUTDOWN); 325 machine_halt(); 326 } 327 EXPORT_SYMBOL_GPL(kernel_halt); 328 329 /* 330 * Notifier list for kernel code which wants to be called 331 * to prepare system for power off. 332 */ 333 static BLOCKING_NOTIFIER_HEAD(power_off_prep_handler_list); 334 335 /* 336 * Notifier list for kernel code which wants to be called 337 * to power off system. 338 */ 339 static ATOMIC_NOTIFIER_HEAD(power_off_handler_list); 340 341 static int sys_off_notify(struct notifier_block *nb, 342 unsigned long mode, void *cmd) 343 { 344 struct sys_off_handler *handler; 345 struct sys_off_data data = {}; 346 347 handler = container_of(nb, struct sys_off_handler, nb); 348 data.cb_data = handler->cb_data; 349 data.mode = mode; 350 data.cmd = cmd; 351 data.dev = handler->dev; 352 353 return handler->sys_off_cb(&data); 354 } 355 356 static struct sys_off_handler platform_sys_off_handler; 357 358 static struct sys_off_handler *alloc_sys_off_handler(int priority) 359 { 360 struct sys_off_handler *handler; 361 gfp_t flags; 362 363 /* 364 * Platforms like m68k can't allocate sys_off handler dynamically 365 * at the early boot time because memory allocator isn't available yet. 366 */ 367 if (priority == SYS_OFF_PRIO_PLATFORM) { 368 handler = &platform_sys_off_handler; 369 if (handler->cb_data) 370 return ERR_PTR(-EBUSY); 371 } else { 372 if (system_state > SYSTEM_RUNNING) 373 flags = GFP_ATOMIC; 374 else 375 flags = GFP_KERNEL; 376 377 handler = kzalloc(sizeof(*handler), flags); 378 if (!handler) 379 return ERR_PTR(-ENOMEM); 380 } 381 382 return handler; 383 } 384 385 static void free_sys_off_handler(struct sys_off_handler *handler) 386 { 387 if (handler == &platform_sys_off_handler) 388 memset(handler, 0, sizeof(*handler)); 389 else 390 kfree(handler); 391 } 392 393 /** 394 * register_sys_off_handler - Register sys-off handler 395 * @mode: Sys-off mode 396 * @priority: Handler priority 397 * @callback: Callback function 398 * @cb_data: Callback argument 399 * 400 * Registers system power-off or restart handler that will be invoked 401 * at the step corresponding to the given sys-off mode. Handler's callback 402 * should return NOTIFY_DONE to permit execution of the next handler in 403 * the call chain or NOTIFY_STOP to break the chain (in error case for 404 * example). 405 * 406 * Multiple handlers can be registered at the default priority level. 407 * 408 * Only one handler can be registered at the non-default priority level, 409 * otherwise ERR_PTR(-EBUSY) is returned. 410 * 411 * Returns a new instance of struct sys_off_handler on success, or 412 * an ERR_PTR()-encoded error code otherwise. 413 */ 414 struct sys_off_handler * 415 register_sys_off_handler(enum sys_off_mode mode, 416 int priority, 417 int (*callback)(struct sys_off_data *data), 418 void *cb_data) 419 { 420 struct sys_off_handler *handler; 421 int err; 422 423 handler = alloc_sys_off_handler(priority); 424 if (IS_ERR(handler)) 425 return handler; 426 427 switch (mode) { 428 case SYS_OFF_MODE_POWER_OFF_PREPARE: 429 handler->list = &power_off_prep_handler_list; 430 handler->blocking = true; 431 break; 432 433 case SYS_OFF_MODE_POWER_OFF: 434 handler->list = &power_off_handler_list; 435 break; 436 437 case SYS_OFF_MODE_RESTART_PREPARE: 438 handler->list = &restart_prep_handler_list; 439 handler->blocking = true; 440 break; 441 442 case SYS_OFF_MODE_RESTART: 443 handler->list = &restart_handler_list; 444 break; 445 446 default: 447 free_sys_off_handler(handler); 448 return ERR_PTR(-EINVAL); 449 } 450 451 handler->nb.notifier_call = sys_off_notify; 452 handler->nb.priority = priority; 453 handler->sys_off_cb = callback; 454 handler->cb_data = cb_data; 455 handler->mode = mode; 456 457 if (handler->blocking) { 458 if (priority == SYS_OFF_PRIO_DEFAULT) 459 err = blocking_notifier_chain_register(handler->list, 460 &handler->nb); 461 else 462 err = blocking_notifier_chain_register_unique_prio(handler->list, 463 &handler->nb); 464 } else { 465 if (priority == SYS_OFF_PRIO_DEFAULT) 466 err = atomic_notifier_chain_register(handler->list, 467 &handler->nb); 468 else 469 err = atomic_notifier_chain_register_unique_prio(handler->list, 470 &handler->nb); 471 } 472 473 if (err) { 474 free_sys_off_handler(handler); 475 return ERR_PTR(err); 476 } 477 478 return handler; 479 } 480 EXPORT_SYMBOL_GPL(register_sys_off_handler); 481 482 /** 483 * unregister_sys_off_handler - Unregister sys-off handler 484 * @handler: Sys-off handler 485 * 486 * Unregisters given sys-off handler. 487 */ 488 void unregister_sys_off_handler(struct sys_off_handler *handler) 489 { 490 int err; 491 492 if (IS_ERR_OR_NULL(handler)) 493 return; 494 495 if (handler->blocking) 496 err = blocking_notifier_chain_unregister(handler->list, 497 &handler->nb); 498 else 499 err = atomic_notifier_chain_unregister(handler->list, 500 &handler->nb); 501 502 /* sanity check, shall never happen */ 503 WARN_ON(err); 504 505 free_sys_off_handler(handler); 506 } 507 EXPORT_SYMBOL_GPL(unregister_sys_off_handler); 508 509 static void devm_unregister_sys_off_handler(void *data) 510 { 511 struct sys_off_handler *handler = data; 512 513 unregister_sys_off_handler(handler); 514 } 515 516 /** 517 * devm_register_sys_off_handler - Register sys-off handler 518 * @dev: Device that registers handler 519 * @mode: Sys-off mode 520 * @priority: Handler priority 521 * @callback: Callback function 522 * @cb_data: Callback argument 523 * 524 * Registers resource-managed sys-off handler. 525 * 526 * Returns zero on success, or error code on failure. 527 */ 528 int devm_register_sys_off_handler(struct device *dev, 529 enum sys_off_mode mode, 530 int priority, 531 int (*callback)(struct sys_off_data *data), 532 void *cb_data) 533 { 534 struct sys_off_handler *handler; 535 536 handler = register_sys_off_handler(mode, priority, callback, cb_data); 537 if (IS_ERR(handler)) 538 return PTR_ERR(handler); 539 handler->dev = dev; 540 541 return devm_add_action_or_reset(dev, devm_unregister_sys_off_handler, 542 handler); 543 } 544 EXPORT_SYMBOL_GPL(devm_register_sys_off_handler); 545 546 /** 547 * devm_register_power_off_handler - Register power-off handler 548 * @dev: Device that registers callback 549 * @callback: Callback function 550 * @cb_data: Callback's argument 551 * 552 * Registers resource-managed sys-off handler with a default priority 553 * and using power-off mode. 554 * 555 * Returns zero on success, or error code on failure. 556 */ 557 int devm_register_power_off_handler(struct device *dev, 558 int (*callback)(struct sys_off_data *data), 559 void *cb_data) 560 { 561 return devm_register_sys_off_handler(dev, 562 SYS_OFF_MODE_POWER_OFF, 563 SYS_OFF_PRIO_DEFAULT, 564 callback, cb_data); 565 } 566 EXPORT_SYMBOL_GPL(devm_register_power_off_handler); 567 568 /** 569 * devm_register_restart_handler - Register restart handler 570 * @dev: Device that registers callback 571 * @callback: Callback function 572 * @cb_data: Callback's argument 573 * 574 * Registers resource-managed sys-off handler with a default priority 575 * and using restart mode. 576 * 577 * Returns zero on success, or error code on failure. 578 */ 579 int devm_register_restart_handler(struct device *dev, 580 int (*callback)(struct sys_off_data *data), 581 void *cb_data) 582 { 583 return devm_register_sys_off_handler(dev, 584 SYS_OFF_MODE_RESTART, 585 SYS_OFF_PRIO_DEFAULT, 586 callback, cb_data); 587 } 588 EXPORT_SYMBOL_GPL(devm_register_restart_handler); 589 590 static struct sys_off_handler *platform_power_off_handler; 591 592 static int platform_power_off_notify(struct sys_off_data *data) 593 { 594 void (*platform_power_power_off_cb)(void) = data->cb_data; 595 596 platform_power_power_off_cb(); 597 598 return NOTIFY_DONE; 599 } 600 601 /** 602 * register_platform_power_off - Register platform-level power-off callback 603 * @power_off: Power-off callback 604 * 605 * Registers power-off callback that will be called as last step 606 * of the power-off sequence. This callback is expected to be invoked 607 * for the last resort. Only one platform power-off callback is allowed 608 * to be registered at a time. 609 * 610 * Returns zero on success, or error code on failure. 611 */ 612 int register_platform_power_off(void (*power_off)(void)) 613 { 614 struct sys_off_handler *handler; 615 616 handler = register_sys_off_handler(SYS_OFF_MODE_POWER_OFF, 617 SYS_OFF_PRIO_PLATFORM, 618 platform_power_off_notify, 619 power_off); 620 if (IS_ERR(handler)) 621 return PTR_ERR(handler); 622 623 platform_power_off_handler = handler; 624 625 return 0; 626 } 627 EXPORT_SYMBOL_GPL(register_platform_power_off); 628 629 /** 630 * unregister_platform_power_off - Unregister platform-level power-off callback 631 * @power_off: Power-off callback 632 * 633 * Unregisters previously registered platform power-off callback. 634 */ 635 void unregister_platform_power_off(void (*power_off)(void)) 636 { 637 if (platform_power_off_handler && 638 platform_power_off_handler->cb_data == power_off) { 639 unregister_sys_off_handler(platform_power_off_handler); 640 platform_power_off_handler = NULL; 641 } 642 } 643 EXPORT_SYMBOL_GPL(unregister_platform_power_off); 644 645 static int legacy_pm_power_off(struct sys_off_data *data) 646 { 647 if (pm_power_off) 648 pm_power_off(); 649 650 return NOTIFY_DONE; 651 } 652 653 static void do_kernel_power_off_prepare(void) 654 { 655 blocking_notifier_call_chain(&power_off_prep_handler_list, 0, NULL); 656 } 657 658 /** 659 * do_kernel_power_off - Execute kernel power-off handler call chain 660 * 661 * Expected to be called as last step of the power-off sequence. 662 * 663 * Powers off the system immediately if a power-off handler function has 664 * been registered. Otherwise does nothing. 665 */ 666 void do_kernel_power_off(void) 667 { 668 struct sys_off_handler *sys_off = NULL; 669 670 /* 671 * Register sys-off handlers for legacy PM callback. This allows 672 * legacy PM callbacks temporary co-exist with the new sys-off API. 673 * 674 * TODO: Remove legacy handlers once all legacy PM users will be 675 * switched to the sys-off based APIs. 676 */ 677 if (pm_power_off) 678 sys_off = register_sys_off_handler(SYS_OFF_MODE_POWER_OFF, 679 SYS_OFF_PRIO_DEFAULT, 680 legacy_pm_power_off, NULL); 681 682 atomic_notifier_call_chain(&power_off_handler_list, 0, NULL); 683 684 unregister_sys_off_handler(sys_off); 685 } 686 687 /** 688 * kernel_can_power_off - check whether system can be powered off 689 * 690 * Returns true if power-off handler is registered and system can be 691 * powered off, false otherwise. 692 */ 693 bool kernel_can_power_off(void) 694 { 695 return !atomic_notifier_call_chain_is_empty(&power_off_handler_list) || 696 pm_power_off; 697 } 698 EXPORT_SYMBOL_GPL(kernel_can_power_off); 699 700 /** 701 * kernel_power_off - power_off the system 702 * 703 * Shutdown everything and perform a clean system power_off. 704 */ 705 void kernel_power_off(void) 706 { 707 kernel_shutdown_prepare(SYSTEM_POWER_OFF); 708 do_kernel_power_off_prepare(); 709 migrate_to_reboot_cpu(); 710 syscore_shutdown(); 711 pr_emerg("Power down\n"); 712 pr_flush(1000, true); 713 kmsg_dump(KMSG_DUMP_SHUTDOWN); 714 machine_power_off(); 715 } 716 EXPORT_SYMBOL_GPL(kernel_power_off); 717 718 DEFINE_MUTEX(system_transition_mutex); 719 720 /* 721 * Reboot system call: for obvious reasons only root may call it, 722 * and even root needs to set up some magic numbers in the registers 723 * so that some mistake won't make this reboot the whole machine. 724 * You can also set the meaning of the ctrl-alt-del-key here. 725 * 726 * reboot doesn't sync: do that yourself before calling this. 727 */ 728 SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd, 729 void __user *, arg) 730 { 731 struct pid_namespace *pid_ns = task_active_pid_ns(current); 732 char buffer[256]; 733 int ret = 0; 734 735 /* We only trust the superuser with rebooting the system. */ 736 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT)) 737 return -EPERM; 738 739 /* For safety, we require "magic" arguments. */ 740 if (magic1 != LINUX_REBOOT_MAGIC1 || 741 (magic2 != LINUX_REBOOT_MAGIC2 && 742 magic2 != LINUX_REBOOT_MAGIC2A && 743 magic2 != LINUX_REBOOT_MAGIC2B && 744 magic2 != LINUX_REBOOT_MAGIC2C)) 745 return -EINVAL; 746 747 /* 748 * If pid namespaces are enabled and the current task is in a child 749 * pid_namespace, the command is handled by reboot_pid_ns() which will 750 * call do_exit(). 751 */ 752 ret = reboot_pid_ns(pid_ns, cmd); 753 if (ret) 754 return ret; 755 756 /* Instead of trying to make the power_off code look like 757 * halt when pm_power_off is not set do it the easy way. 758 */ 759 if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !kernel_can_power_off()) { 760 poweroff_fallback_to_halt = true; 761 cmd = LINUX_REBOOT_CMD_HALT; 762 } 763 764 mutex_lock(&system_transition_mutex); 765 switch (cmd) { 766 case LINUX_REBOOT_CMD_RESTART: 767 kernel_restart(NULL); 768 break; 769 770 case LINUX_REBOOT_CMD_CAD_ON: 771 C_A_D = 1; 772 break; 773 774 case LINUX_REBOOT_CMD_CAD_OFF: 775 C_A_D = 0; 776 break; 777 778 case LINUX_REBOOT_CMD_HALT: 779 kernel_halt(); 780 do_exit(0); 781 782 case LINUX_REBOOT_CMD_POWER_OFF: 783 kernel_power_off(); 784 do_exit(0); 785 break; 786 787 case LINUX_REBOOT_CMD_RESTART2: 788 ret = strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1); 789 if (ret < 0) { 790 ret = -EFAULT; 791 break; 792 } 793 buffer[sizeof(buffer) - 1] = '\0'; 794 795 kernel_restart(buffer); 796 break; 797 798 #ifdef CONFIG_KEXEC_CORE 799 case LINUX_REBOOT_CMD_KEXEC: 800 ret = kernel_kexec(); 801 break; 802 #endif 803 804 #ifdef CONFIG_HIBERNATION 805 case LINUX_REBOOT_CMD_SW_SUSPEND: 806 ret = hibernate(); 807 break; 808 #endif 809 810 default: 811 ret = -EINVAL; 812 break; 813 } 814 mutex_unlock(&system_transition_mutex); 815 return ret; 816 } 817 818 static void deferred_cad(struct work_struct *dummy) 819 { 820 kernel_restart(NULL); 821 } 822 823 /* 824 * This function gets called by ctrl-alt-del - ie the keyboard interrupt. 825 * As it's called within an interrupt, it may NOT sync: the only choice 826 * is whether to reboot at once, or just ignore the ctrl-alt-del. 827 */ 828 void ctrl_alt_del(void) 829 { 830 static DECLARE_WORK(cad_work, deferred_cad); 831 832 if (C_A_D) 833 schedule_work(&cad_work); 834 else 835 kill_cad_pid(SIGINT, 1); 836 } 837 838 #define POWEROFF_CMD_PATH_LEN 256 839 static char poweroff_cmd[POWEROFF_CMD_PATH_LEN] = "/sbin/poweroff"; 840 static const char reboot_cmd[] = "/sbin/reboot"; 841 842 static int run_cmd(const char *cmd) 843 { 844 char **argv; 845 static char *envp[] = { 846 "HOME=/", 847 "PATH=/sbin:/bin:/usr/sbin:/usr/bin", 848 NULL 849 }; 850 int ret; 851 argv = argv_split(GFP_KERNEL, cmd, NULL); 852 if (argv) { 853 ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); 854 argv_free(argv); 855 } else { 856 ret = -ENOMEM; 857 } 858 859 return ret; 860 } 861 862 static int __orderly_reboot(void) 863 { 864 int ret; 865 866 ret = run_cmd(reboot_cmd); 867 868 if (ret) { 869 pr_warn("Failed to start orderly reboot: forcing the issue\n"); 870 emergency_sync(); 871 kernel_restart(NULL); 872 } 873 874 return ret; 875 } 876 877 static int __orderly_poweroff(bool force) 878 { 879 int ret; 880 881 ret = run_cmd(poweroff_cmd); 882 883 if (ret && force) { 884 pr_warn("Failed to start orderly shutdown: forcing the issue\n"); 885 886 /* 887 * I guess this should try to kick off some daemon to sync and 888 * poweroff asap. Or not even bother syncing if we're doing an 889 * emergency shutdown? 890 */ 891 emergency_sync(); 892 kernel_power_off(); 893 } 894 895 return ret; 896 } 897 898 static bool poweroff_force; 899 900 static void poweroff_work_func(struct work_struct *work) 901 { 902 __orderly_poweroff(poweroff_force); 903 } 904 905 static DECLARE_WORK(poweroff_work, poweroff_work_func); 906 907 /** 908 * orderly_poweroff - Trigger an orderly system poweroff 909 * @force: force poweroff if command execution fails 910 * 911 * This may be called from any context to trigger a system shutdown. 912 * If the orderly shutdown fails, it will force an immediate shutdown. 913 */ 914 void orderly_poweroff(bool force) 915 { 916 if (force) /* do not override the pending "true" */ 917 poweroff_force = true; 918 schedule_work(&poweroff_work); 919 } 920 EXPORT_SYMBOL_GPL(orderly_poweroff); 921 922 static void reboot_work_func(struct work_struct *work) 923 { 924 __orderly_reboot(); 925 } 926 927 static DECLARE_WORK(reboot_work, reboot_work_func); 928 929 /** 930 * orderly_reboot - Trigger an orderly system reboot 931 * 932 * This may be called from any context to trigger a system reboot. 933 * If the orderly reboot fails, it will force an immediate reboot. 934 */ 935 void orderly_reboot(void) 936 { 937 schedule_work(&reboot_work); 938 } 939 EXPORT_SYMBOL_GPL(orderly_reboot); 940 941 static const char *hw_protection_action_str(enum hw_protection_action action) 942 { 943 switch (action) { 944 case HWPROT_ACT_SHUTDOWN: 945 return "shutdown"; 946 case HWPROT_ACT_REBOOT: 947 return "reboot"; 948 default: 949 return "undefined"; 950 } 951 } 952 953 static enum hw_protection_action hw_failure_emergency_action; 954 955 /** 956 * hw_failure_emergency_action_func - emergency action work after a known delay 957 * @work: work_struct associated with the emergency action function 958 * 959 * This function is called in very critical situations to force 960 * a kernel poweroff or reboot after a configurable timeout value. 961 */ 962 static void hw_failure_emergency_action_func(struct work_struct *work) 963 { 964 const char *action_str = hw_protection_action_str(hw_failure_emergency_action); 965 966 pr_emerg("Hardware protection timed-out. Trying forced %s\n", 967 action_str); 968 969 /* 970 * We have reached here after the emergency action waiting period has 971 * expired. This means orderly_poweroff/reboot has not been able to 972 * shut off the system for some reason. 973 * 974 * Try to shut off the system immediately if possible 975 */ 976 977 if (hw_failure_emergency_action == HWPROT_ACT_REBOOT) 978 kernel_restart(NULL); 979 else 980 kernel_power_off(); 981 982 /* 983 * Worst of the worst case trigger emergency restart 984 */ 985 pr_emerg("Hardware protection %s failed. Trying emergency restart\n", 986 action_str); 987 emergency_restart(); 988 } 989 990 static DECLARE_DELAYED_WORK(hw_failure_emergency_action_work, 991 hw_failure_emergency_action_func); 992 993 /** 994 * hw_failure_emergency_schedule - Schedule an emergency system shutdown or reboot 995 * 996 * @action: The hardware protection action to be taken 997 * @action_delay_ms: Time in milliseconds to elapse before triggering action 998 * 999 * This may be called from any critical situation to trigger a system shutdown 1000 * or reboot after a given period of time. 1001 * If time is negative this is not scheduled. 1002 */ 1003 static void hw_failure_emergency_schedule(enum hw_protection_action action, 1004 int action_delay_ms) 1005 { 1006 if (action_delay_ms <= 0) 1007 return; 1008 hw_failure_emergency_action = action; 1009 schedule_delayed_work(&hw_failure_emergency_action_work, 1010 msecs_to_jiffies(action_delay_ms)); 1011 } 1012 1013 /** 1014 * __hw_protection_trigger - Trigger an emergency system shutdown or reboot 1015 * 1016 * @reason: Reason of emergency shutdown or reboot to be printed. 1017 * @ms_until_forced: Time to wait for orderly shutdown or reboot before 1018 * triggering it. Negative value disables the forced 1019 * shutdown or reboot. 1020 * @action: The hardware protection action to be taken. 1021 * 1022 * Initiate an emergency system shutdown or reboot in order to protect 1023 * hardware from further damage. Usage examples include a thermal protection. 1024 * NOTE: The request is ignored if protection shutdown or reboot is already 1025 * pending even if the previous request has given a large timeout for forced 1026 * shutdown/reboot. 1027 */ 1028 void __hw_protection_trigger(const char *reason, int ms_until_forced, 1029 enum hw_protection_action action) 1030 { 1031 static atomic_t allow_proceed = ATOMIC_INIT(1); 1032 1033 if (action == HWPROT_ACT_DEFAULT) 1034 action = hw_protection_action; 1035 1036 pr_emerg("HARDWARE PROTECTION %s (%s)\n", 1037 hw_protection_action_str(action), reason); 1038 1039 /* Shutdown should be initiated only once. */ 1040 if (!atomic_dec_and_test(&allow_proceed)) 1041 return; 1042 1043 /* 1044 * Queue a backup emergency shutdown in the event of 1045 * orderly_poweroff failure 1046 */ 1047 hw_failure_emergency_schedule(action, ms_until_forced); 1048 if (action == HWPROT_ACT_REBOOT) 1049 orderly_reboot(); 1050 else 1051 orderly_poweroff(true); 1052 } 1053 EXPORT_SYMBOL_GPL(__hw_protection_trigger); 1054 1055 static bool hw_protection_action_parse(const char *str, 1056 enum hw_protection_action *action) 1057 { 1058 if (sysfs_streq(str, "shutdown")) 1059 *action = HWPROT_ACT_SHUTDOWN; 1060 else if (sysfs_streq(str, "reboot")) 1061 *action = HWPROT_ACT_REBOOT; 1062 else 1063 return false; 1064 1065 return true; 1066 } 1067 1068 static int __init hw_protection_setup(char *str) 1069 { 1070 hw_protection_action_parse(str, &hw_protection_action); 1071 return 1; 1072 } 1073 __setup("hw_protection=", hw_protection_setup); 1074 1075 #ifdef CONFIG_SYSFS 1076 static ssize_t hw_protection_show(struct kobject *kobj, 1077 struct kobj_attribute *attr, char *buf) 1078 { 1079 return sysfs_emit(buf, "%s\n", 1080 hw_protection_action_str(hw_protection_action)); 1081 } 1082 static ssize_t hw_protection_store(struct kobject *kobj, 1083 struct kobj_attribute *attr, const char *buf, 1084 size_t count) 1085 { 1086 if (!capable(CAP_SYS_ADMIN)) 1087 return -EPERM; 1088 1089 if (!hw_protection_action_parse(buf, &hw_protection_action)) 1090 return -EINVAL; 1091 1092 return count; 1093 } 1094 static struct kobj_attribute hw_protection_attr = __ATTR_RW(hw_protection); 1095 #endif 1096 1097 static int __init reboot_setup(char *str) 1098 { 1099 for (;;) { 1100 enum reboot_mode *mode; 1101 1102 /* 1103 * Having anything passed on the command line via 1104 * reboot= will cause us to disable DMI checking 1105 * below. 1106 */ 1107 reboot_default = 0; 1108 1109 if (!strncmp(str, "panic_", 6)) { 1110 mode = &panic_reboot_mode; 1111 str += 6; 1112 } else { 1113 mode = &reboot_mode; 1114 } 1115 1116 switch (*str) { 1117 case 'w': 1118 *mode = REBOOT_WARM; 1119 break; 1120 1121 case 'c': 1122 *mode = REBOOT_COLD; 1123 break; 1124 1125 case 'h': 1126 *mode = REBOOT_HARD; 1127 break; 1128 1129 case 's': 1130 /* 1131 * reboot_cpu is s[mp]#### with #### being the processor 1132 * to be used for rebooting. Skip 's' or 'smp' prefix. 1133 */ 1134 str += str[1] == 'm' && str[2] == 'p' ? 3 : 1; 1135 1136 if (isdigit(str[0])) { 1137 int cpu = simple_strtoul(str, NULL, 0); 1138 1139 if (cpu >= num_possible_cpus()) { 1140 pr_err("Ignoring the CPU number in reboot= option. " 1141 "CPU %d exceeds possible cpu number %d\n", 1142 cpu, num_possible_cpus()); 1143 break; 1144 } 1145 reboot_cpu = cpu; 1146 } else 1147 *mode = REBOOT_SOFT; 1148 break; 1149 1150 case 'g': 1151 *mode = REBOOT_GPIO; 1152 break; 1153 1154 case 'b': 1155 case 'a': 1156 case 'k': 1157 case 't': 1158 case 'e': 1159 case 'p': 1160 reboot_type = *str; 1161 break; 1162 1163 case 'f': 1164 reboot_force = 1; 1165 break; 1166 } 1167 1168 str = strchr(str, ','); 1169 if (str) 1170 str++; 1171 else 1172 break; 1173 } 1174 return 1; 1175 } 1176 __setup("reboot=", reboot_setup); 1177 1178 #ifdef CONFIG_SYSFS 1179 1180 #define REBOOT_COLD_STR "cold" 1181 #define REBOOT_WARM_STR "warm" 1182 #define REBOOT_HARD_STR "hard" 1183 #define REBOOT_SOFT_STR "soft" 1184 #define REBOOT_GPIO_STR "gpio" 1185 #define REBOOT_UNDEFINED_STR "undefined" 1186 1187 #define BOOT_TRIPLE_STR "triple" 1188 #define BOOT_KBD_STR "kbd" 1189 #define BOOT_BIOS_STR "bios" 1190 #define BOOT_ACPI_STR "acpi" 1191 #define BOOT_EFI_STR "efi" 1192 #define BOOT_PCI_STR "pci" 1193 1194 static ssize_t mode_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1195 { 1196 const char *val; 1197 1198 switch (reboot_mode) { 1199 case REBOOT_COLD: 1200 val = REBOOT_COLD_STR; 1201 break; 1202 case REBOOT_WARM: 1203 val = REBOOT_WARM_STR; 1204 break; 1205 case REBOOT_HARD: 1206 val = REBOOT_HARD_STR; 1207 break; 1208 case REBOOT_SOFT: 1209 val = REBOOT_SOFT_STR; 1210 break; 1211 case REBOOT_GPIO: 1212 val = REBOOT_GPIO_STR; 1213 break; 1214 default: 1215 val = REBOOT_UNDEFINED_STR; 1216 } 1217 1218 return sysfs_emit(buf, "%s\n", val); 1219 } 1220 static ssize_t mode_store(struct kobject *kobj, struct kobj_attribute *attr, 1221 const char *buf, size_t count) 1222 { 1223 if (!capable(CAP_SYS_BOOT)) 1224 return -EPERM; 1225 1226 if (!strncmp(buf, REBOOT_COLD_STR, strlen(REBOOT_COLD_STR))) 1227 reboot_mode = REBOOT_COLD; 1228 else if (!strncmp(buf, REBOOT_WARM_STR, strlen(REBOOT_WARM_STR))) 1229 reboot_mode = REBOOT_WARM; 1230 else if (!strncmp(buf, REBOOT_HARD_STR, strlen(REBOOT_HARD_STR))) 1231 reboot_mode = REBOOT_HARD; 1232 else if (!strncmp(buf, REBOOT_SOFT_STR, strlen(REBOOT_SOFT_STR))) 1233 reboot_mode = REBOOT_SOFT; 1234 else if (!strncmp(buf, REBOOT_GPIO_STR, strlen(REBOOT_GPIO_STR))) 1235 reboot_mode = REBOOT_GPIO; 1236 else 1237 return -EINVAL; 1238 1239 reboot_default = 0; 1240 1241 return count; 1242 } 1243 static struct kobj_attribute reboot_mode_attr = __ATTR_RW(mode); 1244 1245 #ifdef CONFIG_X86 1246 static ssize_t force_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1247 { 1248 return sysfs_emit(buf, "%d\n", reboot_force); 1249 } 1250 static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr, 1251 const char *buf, size_t count) 1252 { 1253 bool res; 1254 1255 if (!capable(CAP_SYS_BOOT)) 1256 return -EPERM; 1257 1258 if (kstrtobool(buf, &res)) 1259 return -EINVAL; 1260 1261 reboot_default = 0; 1262 reboot_force = res; 1263 1264 return count; 1265 } 1266 static struct kobj_attribute reboot_force_attr = __ATTR_RW(force); 1267 1268 static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1269 { 1270 const char *val; 1271 1272 switch (reboot_type) { 1273 case BOOT_TRIPLE: 1274 val = BOOT_TRIPLE_STR; 1275 break; 1276 case BOOT_KBD: 1277 val = BOOT_KBD_STR; 1278 break; 1279 case BOOT_BIOS: 1280 val = BOOT_BIOS_STR; 1281 break; 1282 case BOOT_ACPI: 1283 val = BOOT_ACPI_STR; 1284 break; 1285 case BOOT_EFI: 1286 val = BOOT_EFI_STR; 1287 break; 1288 case BOOT_CF9_FORCE: 1289 val = BOOT_PCI_STR; 1290 break; 1291 default: 1292 val = REBOOT_UNDEFINED_STR; 1293 } 1294 1295 return sysfs_emit(buf, "%s\n", val); 1296 } 1297 static ssize_t type_store(struct kobject *kobj, struct kobj_attribute *attr, 1298 const char *buf, size_t count) 1299 { 1300 if (!capable(CAP_SYS_BOOT)) 1301 return -EPERM; 1302 1303 if (!strncmp(buf, BOOT_TRIPLE_STR, strlen(BOOT_TRIPLE_STR))) 1304 reboot_type = BOOT_TRIPLE; 1305 else if (!strncmp(buf, BOOT_KBD_STR, strlen(BOOT_KBD_STR))) 1306 reboot_type = BOOT_KBD; 1307 else if (!strncmp(buf, BOOT_BIOS_STR, strlen(BOOT_BIOS_STR))) 1308 reboot_type = BOOT_BIOS; 1309 else if (!strncmp(buf, BOOT_ACPI_STR, strlen(BOOT_ACPI_STR))) 1310 reboot_type = BOOT_ACPI; 1311 else if (!strncmp(buf, BOOT_EFI_STR, strlen(BOOT_EFI_STR))) 1312 reboot_type = BOOT_EFI; 1313 else if (!strncmp(buf, BOOT_PCI_STR, strlen(BOOT_PCI_STR))) 1314 reboot_type = BOOT_CF9_FORCE; 1315 else 1316 return -EINVAL; 1317 1318 reboot_default = 0; 1319 1320 return count; 1321 } 1322 static struct kobj_attribute reboot_type_attr = __ATTR_RW(type); 1323 #endif 1324 1325 #ifdef CONFIG_SMP 1326 static ssize_t cpu_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf) 1327 { 1328 return sysfs_emit(buf, "%d\n", reboot_cpu); 1329 } 1330 static ssize_t cpu_store(struct kobject *kobj, struct kobj_attribute *attr, 1331 const char *buf, size_t count) 1332 { 1333 unsigned int cpunum; 1334 int rc; 1335 1336 if (!capable(CAP_SYS_BOOT)) 1337 return -EPERM; 1338 1339 rc = kstrtouint(buf, 0, &cpunum); 1340 1341 if (rc) 1342 return rc; 1343 1344 if (cpunum >= num_possible_cpus()) 1345 return -ERANGE; 1346 1347 reboot_default = 0; 1348 reboot_cpu = cpunum; 1349 1350 return count; 1351 } 1352 static struct kobj_attribute reboot_cpu_attr = __ATTR_RW(cpu); 1353 #endif 1354 1355 static struct attribute *reboot_attrs[] = { 1356 &hw_protection_attr.attr, 1357 &reboot_mode_attr.attr, 1358 #ifdef CONFIG_X86 1359 &reboot_force_attr.attr, 1360 &reboot_type_attr.attr, 1361 #endif 1362 #ifdef CONFIG_SMP 1363 &reboot_cpu_attr.attr, 1364 #endif 1365 NULL, 1366 }; 1367 1368 #ifdef CONFIG_SYSCTL 1369 static const struct ctl_table kern_reboot_table[] = { 1370 { 1371 .procname = "poweroff_cmd", 1372 .data = &poweroff_cmd, 1373 .maxlen = POWEROFF_CMD_PATH_LEN, 1374 .mode = 0644, 1375 .proc_handler = proc_dostring, 1376 }, 1377 { 1378 .procname = "ctrl-alt-del", 1379 .data = &C_A_D, 1380 .maxlen = sizeof(int), 1381 .mode = 0644, 1382 .proc_handler = proc_dointvec, 1383 }, 1384 }; 1385 1386 static void __init kernel_reboot_sysctls_init(void) 1387 { 1388 register_sysctl_init("kernel", kern_reboot_table); 1389 } 1390 #else 1391 #define kernel_reboot_sysctls_init() do { } while (0) 1392 #endif /* CONFIG_SYSCTL */ 1393 1394 static const struct attribute_group reboot_attr_group = { 1395 .attrs = reboot_attrs, 1396 }; 1397 1398 static int __init reboot_ksysfs_init(void) 1399 { 1400 struct kobject *reboot_kobj; 1401 int ret; 1402 1403 reboot_kobj = kobject_create_and_add("reboot", kernel_kobj); 1404 if (!reboot_kobj) 1405 return -ENOMEM; 1406 1407 ret = sysfs_create_group(reboot_kobj, &reboot_attr_group); 1408 if (ret) { 1409 kobject_put(reboot_kobj); 1410 return ret; 1411 } 1412 1413 kernel_reboot_sysctls_init(); 1414 1415 return 0; 1416 } 1417 late_initcall(reboot_ksysfs_init); 1418 1419 #endif 1420