1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * linux/kernel/reboot.c
4 *
5 * Copyright (C) 2013 Linus Torvalds
6 */
7
8 #define pr_fmt(fmt) "reboot: " fmt
9
10 #include <linux/atomic.h>
11 #include <linux/ctype.h>
12 #include <linux/export.h>
13 #include <linux/kexec.h>
14 #include <linux/kmod.h>
15 #include <linux/kmsg_dump.h>
16 #include <linux/reboot.h>
17 #include <linux/suspend.h>
18 #include <linux/syscalls.h>
19 #include <linux/syscore_ops.h>
20 #include <linux/uaccess.h>
21 #include <linux/ccsecurity.h>
22
23 /*
24 * this indicates whether you can reboot with ctrl-alt-del: the default is yes
25 */
26
27 static int C_A_D = 1;
28 struct pid *cad_pid;
29 EXPORT_SYMBOL(cad_pid);
30
31 #if defined(CONFIG_ARM)
32 #define DEFAULT_REBOOT_MODE = REBOOT_HARD
33 #else
34 #define DEFAULT_REBOOT_MODE
35 #endif
36 enum reboot_mode reboot_mode DEFAULT_REBOOT_MODE;
37 EXPORT_SYMBOL_GPL(reboot_mode);
38 enum reboot_mode panic_reboot_mode = REBOOT_UNDEFINED;
39
40 /*
41 * This variable is used privately to keep track of whether or not
42 * reboot_type is still set to its default value (i.e., reboot= hasn't
43 * been set on the command line). This is needed so that we can
44 * suppress DMI scanning for reboot quirks. Without it, it's
45 * impossible to override a faulty reboot quirk without recompiling.
46 */
47 int reboot_default = 1;
48 int reboot_cpu;
49 enum reboot_type reboot_type = BOOT_ACPI;
50 int reboot_force;
51
52 struct sys_off_handler {
53 struct notifier_block nb;
54 int (*sys_off_cb)(struct sys_off_data *data);
55 void *cb_data;
56 enum sys_off_mode mode;
57 bool blocking;
58 void *list;
59 struct device *dev;
60 };
61
62 /*
63 * This variable is used to indicate if a halt was initiated instead of a
64 * reboot when the reboot call was invoked with LINUX_REBOOT_CMD_POWER_OFF, but
65 * the system cannot be powered off. This allowes kernel_halt() to notify users
66 * of that.
67 */
68 static bool poweroff_fallback_to_halt;
69
70 /*
71 * Temporary stub that prevents linkage failure while we're in process
72 * of removing all uses of legacy pm_power_off() around the kernel.
73 */
74 void __weak (*pm_power_off)(void);
75
76 /**
77 * emergency_restart - reboot the system
78 *
79 * Without shutting down any hardware or taking any locks
80 * reboot the system. This is called when we know we are in
81 * trouble so this is our best effort to reboot. This is
82 * safe to call in interrupt context.
83 */
84 void emergency_restart(void)
85 {
86 kmsg_dump(KMSG_DUMP_EMERG);
87 system_state = SYSTEM_RESTART;
88 machine_emergency_restart();
89 }
90 EXPORT_SYMBOL_GPL(emergency_restart);
91
92 void kernel_restart_prepare(char *cmd)
93 {
94 blocking_notifier_call_chain(&reboot_notifier_list, SYS_RESTART, cmd);
95 system_state = SYSTEM_RESTART;
96 usermodehelper_disable();
97 device_shutdown();
98 }
99
100 /**
101 * register_reboot_notifier - Register function to be called at reboot time
102 * @nb: Info about notifier function to be called
103 *
104 * Registers a function with the list of functions
105 * to be called at reboot time.
106 *
107 * Currently always returns zero, as blocking_notifier_chain_register()
108 * always returns zero.
109 */
110 int register_reboot_notifier(struct notifier_block *nb)
111 {
112 return blocking_notifier_chain_register(&reboot_notifier_list, nb);
113 }
114 EXPORT_SYMBOL(register_reboot_notifier);
115
116 /**
117 * unregister_reboot_notifier - Unregister previously registered reboot notifier
118 * @nb: Hook to be unregistered
119 *
120 * Unregisters a previously registered reboot
121 * notifier function.
122 *
123 * Returns zero on success, or %-ENOENT on failure.
124 */
125 int unregister_reboot_notifier(struct notifier_block *nb)
126 {
127 return blocking_notifier_chain_unregister(&reboot_notifier_list, nb);
128 }
129 EXPORT_SYMBOL(unregister_reboot_notifier);
130
131 static void devm_unregister_reboot_notifier(struct device *dev, void *res)
132 {
133 WARN_ON(unregister_reboot_notifier(*(struct notifier_block **)res));
134 }
135
136 int devm_register_reboot_notifier(struct device *dev, struct notifier_block *nb)
137 {
138 struct notifier_block **rcnb;
139 int ret;
140
141 rcnb = devres_alloc(devm_unregister_reboot_notifier,
142 sizeof(*rcnb), GFP_KERNEL);
143 if (!rcnb)
144 return -ENOMEM;
145
146 ret = register_reboot_notifier(nb);
147 if (!ret) {
148 *rcnb = nb;
149 devres_add(dev, rcnb);
150 } else {
151 devres_free(rcnb);
152 }
153
154 return ret;
155 }
156 EXPORT_SYMBOL(devm_register_reboot_notifier);
157
158 /*
159 * Notifier list for kernel code which wants to be called
160 * to restart the system.
161 */
162 static ATOMIC_NOTIFIER_HEAD(restart_handler_list);
163
164 /**
165 * register_restart_handler - Register function to be called to reset
166 * the system
167 * @nb: Info about handler function to be called
168 * @nb->priority: Handler priority. Handlers should follow the
169 * following guidelines for setting priorities.
170 * 0: Restart handler of last resort,
171 * with limited restart capabilities
172 * 128: Default restart handler; use if no other
173 * restart handler is expected to be available,
174 * and/or if restart functionality is
175 * sufficient to restart the entire system
176 * 255: Highest priority restart handler, will
177 * preempt all other restart handlers
178 *
179 * Registers a function with code to be called to restart the
180 * system.
181 *
182 * Registered functions will be called from machine_restart as last
183 * step of the restart sequence (if the architecture specific
184 * machine_restart function calls do_kernel_restart - see below
185 * for details).
186 * Registered functions are expected to restart the system immediately.
187 * If more than one function is registered, the restart handler priority
188 * selects which function will be called first.
189 *
190 * Restart handlers are expected to be registered from non-architecture
191 * code, typically from drivers. A typical use case would be a system
192 * where restart functionality is provided through a watchdog. Multiple
193 * restart handlers may exist; for example, one restart handler might
194 * restart the entire system, while another only restarts the CPU.
195 * In such cases, the restart handler which only restarts part of the
196 * hardware is expected to register with low priority to ensure that
197 * it only runs if no other means to restart the system is available.
198 *
199 * Currently always returns zero, as atomic_notifier_chain_register()
200 * always returns zero.
201 */
202 int register_restart_handler(struct notifier_block *nb)
203 {
204 return atomic_notifier_chain_register(&restart_handler_list, nb);
205 }
206 EXPORT_SYMBOL(register_restart_handler);
207
208 /**
209 * unregister_restart_handler - Unregister previously registered
210 * restart handler
211 * @nb: Hook to be unregistered
212 *
213 * Unregisters a previously registered restart handler function.
214 *
215 * Returns zero on success, or %-ENOENT on failure.
216 */
217 int unregister_restart_handler(struct notifier_block *nb)
218 {
219 return atomic_notifier_chain_unregister(&restart_handler_list, nb);
220 }
221 EXPORT_SYMBOL(unregister_restart_handler);
222
223 /**
224 * do_kernel_restart - Execute kernel restart handler call chain
225 *
226 * Calls functions registered with register_restart_handler.
227 *
228 * Expected to be called from machine_restart as last step of the restart
229 * sequence.
230 *
231 * Restarts the system immediately if a restart handler function has been
232 * registered. Otherwise does nothing.
233 */
234 void do_kernel_restart(char *cmd)
235 {
236 atomic_notifier_call_chain(&restart_handler_list, reboot_mode, cmd);
237 }
238
239 void migrate_to_reboot_cpu(void)
240 {
241 /* The boot cpu is always logical cpu 0 */
242 int cpu = reboot_cpu;
243
244 cpu_hotplug_disable();
245
246 /* Make certain the cpu I'm about to reboot on is online */
247 if (!cpu_online(cpu))
248 cpu = cpumask_first(cpu_online_mask);
249
250 /* Prevent races with other tasks migrating this task */
251 current->flags |= PF_NO_SETAFFINITY;
252
253 /* Make certain I only run on the appropriate processor */
254 set_cpus_allowed_ptr(current, cpumask_of(cpu));
255 }
256
257 /*
258 * Notifier list for kernel code which wants to be called
259 * to prepare system for restart.
260 */
261 static BLOCKING_NOTIFIER_HEAD(restart_prep_handler_list);
262
263 static void do_kernel_restart_prepare(void)
264 {
265 blocking_notifier_call_chain(&restart_prep_handler_list, 0, NULL);
266 }
267
268 /**
269 * kernel_restart - reboot the system
270 * @cmd: pointer to buffer containing command to execute for restart
271 * or %NULL
272 *
273 * Shutdown everything and perform a clean reboot.
274 * This is not safe to call in interrupt context.
275 */
276 void kernel_restart(char *cmd)
277 {
278 kernel_restart_prepare(cmd);
279 do_kernel_restart_prepare();
280 migrate_to_reboot_cpu();
281 syscore_shutdown();
282 if (!cmd)
283 pr_emerg("Restarting system\n");
284 else
285 pr_emerg("Restarting system with command '%s'\n", cmd);
286 kmsg_dump(KMSG_DUMP_SHUTDOWN);
287 machine_restart(cmd);
288 }
289 EXPORT_SYMBOL_GPL(kernel_restart);
290
291 static void kernel_shutdown_prepare(enum system_states state)
292 {
293 blocking_notifier_call_chain(&reboot_notifier_list,
294 (state == SYSTEM_HALT) ? SYS_HALT : SYS_POWER_OFF, NULL);
295 system_state = state;
296 usermodehelper_disable();
297 device_shutdown();
298 }
299 /**
300 * kernel_halt - halt the system
301 *
302 * Shutdown everything and perform a clean system halt.
303 */
304 void kernel_halt(void)
305 {
306 kernel_shutdown_prepare(SYSTEM_HALT);
307 migrate_to_reboot_cpu();
308 syscore_shutdown();
309 if (poweroff_fallback_to_halt)
310 pr_emerg("Power off not available: System halted instead\n");
311 else
312 pr_emerg("System halted\n");
313 kmsg_dump(KMSG_DUMP_SHUTDOWN);
314 machine_halt();
315 }
316 EXPORT_SYMBOL_GPL(kernel_halt);
317
318 /*
319 * Notifier list for kernel code which wants to be called
320 * to prepare system for power off.
321 */
322 static BLOCKING_NOTIFIER_HEAD(power_off_prep_handler_list);
323
324 /*
325 * Notifier list for kernel code which wants to be called
326 * to power off system.
327 */
328 static ATOMIC_NOTIFIER_HEAD(power_off_handler_list);
329
330 static int sys_off_notify(struct notifier_block *nb,
331 unsigned long mode, void *cmd)
332 {
333 struct sys_off_handler *handler;
334 struct sys_off_data data = {};
335
336 handler = container_of(nb, struct sys_off_handler, nb);
337 data.cb_data = handler->cb_data;
338 data.mode = mode;
339 data.cmd = cmd;
340 data.dev = handler->dev;
341
342 return handler->sys_off_cb(&data);
343 }
344
345 static struct sys_off_handler platform_sys_off_handler;
346
347 static struct sys_off_handler *alloc_sys_off_handler(int priority)
348 {
349 struct sys_off_handler *handler;
350 gfp_t flags;
351
352 /*
353 * Platforms like m68k can't allocate sys_off handler dynamically
354 * at the early boot time because memory allocator isn't available yet.
355 */
356 if (priority == SYS_OFF_PRIO_PLATFORM) {
357 handler = &platform_sys_off_handler;
358 if (handler->cb_data)
359 return ERR_PTR(-EBUSY);
360 } else {
361 if (system_state > SYSTEM_RUNNING)
362 flags = GFP_ATOMIC;
363 else
364 flags = GFP_KERNEL;
365
366 handler = kzalloc(sizeof(*handler), flags);
367 if (!handler)
368 return ERR_PTR(-ENOMEM);
369 }
370
371 return handler;
372 }
373
374 static void free_sys_off_handler(struct sys_off_handler *handler)
375 {
376 if (handler == &platform_sys_off_handler)
377 memset(handler, 0, sizeof(*handler));
378 else
379 kfree(handler);
380 }
381
382 /**
383 * register_sys_off_handler - Register sys-off handler
384 * @mode: Sys-off mode
385 * @priority: Handler priority
386 * @callback: Callback function
387 * @cb_data: Callback argument
388 *
389 * Registers system power-off or restart handler that will be invoked
390 * at the step corresponding to the given sys-off mode. Handler's callback
391 * should return NOTIFY_DONE to permit execution of the next handler in
392 * the call chain or NOTIFY_STOP to break the chain (in error case for
393 * example).
394 *
395 * Multiple handlers can be registered at the default priority level.
396 *
397 * Only one handler can be registered at the non-default priority level,
398 * otherwise ERR_PTR(-EBUSY) is returned.
399 *
400 * Returns a new instance of struct sys_off_handler on success, or
401 * an ERR_PTR()-encoded error code otherwise.
402 */
403 struct sys_off_handler *
404 register_sys_off_handler(enum sys_off_mode mode,
405 int priority,
406 int (*callback)(struct sys_off_data *data),
407 void *cb_data)
408 {
409 struct sys_off_handler *handler;
410 int err;
411
412 handler = alloc_sys_off_handler(priority);
413 if (IS_ERR(handler))
414 return handler;
415
416 switch (mode) {
417 case SYS_OFF_MODE_POWER_OFF_PREPARE:
418 handler->list = &power_off_prep_handler_list;
419 handler->blocking = true;
420 break;
421
422 case SYS_OFF_MODE_POWER_OFF:
423 handler->list = &power_off_handler_list;
424 break;
425
426 case SYS_OFF_MODE_RESTART_PREPARE:
427 handler->list = &restart_prep_handler_list;
428 handler->blocking = true;
429 break;
430
431 case SYS_OFF_MODE_RESTART:
432 handler->list = &restart_handler_list;
433 break;
434
435 default:
436 free_sys_off_handler(handler);
437 return ERR_PTR(-EINVAL);
438 }
439
440 handler->nb.notifier_call = sys_off_notify;
441 handler->nb.priority = priority;
442 handler->sys_off_cb = callback;
443 handler->cb_data = cb_data;
444 handler->mode = mode;
445
446 if (handler->blocking) {
447 if (priority == SYS_OFF_PRIO_DEFAULT)
448 err = blocking_notifier_chain_register(handler->list,
449 &handler->nb);
450 else
451 err = blocking_notifier_chain_register_unique_prio(handler->list,
452 &handler->nb);
453 } else {
454 if (priority == SYS_OFF_PRIO_DEFAULT)
455 err = atomic_notifier_chain_register(handler->list,
456 &handler->nb);
457 else
458 err = atomic_notifier_chain_register_unique_prio(handler->list,
459 &handler->nb);
460 }
461
462 if (err) {
463 free_sys_off_handler(handler);
464 return ERR_PTR(err);
465 }
466
467 return handler;
468 }
469 EXPORT_SYMBOL_GPL(register_sys_off_handler);
470
471 /**
472 * unregister_sys_off_handler - Unregister sys-off handler
473 * @handler: Sys-off handler
474 *
475 * Unregisters given sys-off handler.
476 */
477 void unregister_sys_off_handler(struct sys_off_handler *handler)
478 {
479 int err;
480
481 if (IS_ERR_OR_NULL(handler))
482 return;
483
484 if (handler->blocking)
485 err = blocking_notifier_chain_unregister(handler->list,
486 &handler->nb);
487 else
488 err = atomic_notifier_chain_unregister(handler->list,
489 &handler->nb);
490
491 /* sanity check, shall never happen */
492 WARN_ON(err);
493
494 free_sys_off_handler(handler);
495 }
496 EXPORT_SYMBOL_GPL(unregister_sys_off_handler);
497
498 static void devm_unregister_sys_off_handler(void *data)
499 {
500 struct sys_off_handler *handler = data;
501
502 unregister_sys_off_handler(handler);
503 }
504
505 /**
506 * devm_register_sys_off_handler - Register sys-off handler
507 * @dev: Device that registers handler
508 * @mode: Sys-off mode
509 * @priority: Handler priority
510 * @callback: Callback function
511 * @cb_data: Callback argument
512 *
513 * Registers resource-managed sys-off handler.
514 *
515 * Returns zero on success, or error code on failure.
516 */
517 int devm_register_sys_off_handler(struct device *dev,
518 enum sys_off_mode mode,
519 int priority,
520 int (*callback)(struct sys_off_data *data),
521 void *cb_data)
522 {
523 struct sys_off_handler *handler;
524
525 handler = register_sys_off_handler(mode, priority, callback, cb_data);
526 if (IS_ERR(handler))
527 return PTR_ERR(handler);
528 handler->dev = dev;
529
530 return devm_add_action_or_reset(dev, devm_unregister_sys_off_handler,
531 handler);
532 }
533 EXPORT_SYMBOL_GPL(devm_register_sys_off_handler);
534
535 /**
536 * devm_register_power_off_handler - Register power-off handler
537 * @dev: Device that registers callback
538 * @callback: Callback function
539 * @cb_data: Callback's argument
540 *
541 * Registers resource-managed sys-off handler with a default priority
542 * and using power-off mode.
543 *
544 * Returns zero on success, or error code on failure.
545 */
546 int devm_register_power_off_handler(struct device *dev,
547 int (*callback)(struct sys_off_data *data),
548 void *cb_data)
549 {
550 return devm_register_sys_off_handler(dev,
551 SYS_OFF_MODE_POWER_OFF,
552 SYS_OFF_PRIO_DEFAULT,
553 callback, cb_data);
554 }
555 EXPORT_SYMBOL_GPL(devm_register_power_off_handler);
556
557 /**
558 * devm_register_restart_handler - Register restart handler
559 * @dev: Device that registers callback
560 * @callback: Callback function
561 * @cb_data: Callback's argument
562 *
563 * Registers resource-managed sys-off handler with a default priority
564 * and using restart mode.
565 *
566 * Returns zero on success, or error code on failure.
567 */
568 int devm_register_restart_handler(struct device *dev,
569 int (*callback)(struct sys_off_data *data),
570 void *cb_data)
571 {
572 return devm_register_sys_off_handler(dev,
573 SYS_OFF_MODE_RESTART,
574 SYS_OFF_PRIO_DEFAULT,
575 callback, cb_data);
576 }
577 EXPORT_SYMBOL_GPL(devm_register_restart_handler);
578
579 static struct sys_off_handler *platform_power_off_handler;
580
581 static int platform_power_off_notify(struct sys_off_data *data)
582 {
583 void (*platform_power_power_off_cb)(void) = data->cb_data;
584
585 platform_power_power_off_cb();
586
587 return NOTIFY_DONE;
588 }
589
590 /**
591 * register_platform_power_off - Register platform-level power-off callback
592 * @power_off: Power-off callback
593 *
594 * Registers power-off callback that will be called as last step
595 * of the power-off sequence. This callback is expected to be invoked
596 * for the last resort. Only one platform power-off callback is allowed
597 * to be registered at a time.
598 *
599 * Returns zero on success, or error code on failure.
600 */
601 int register_platform_power_off(void (*power_off)(void))
602 {
603 struct sys_off_handler *handler;
604
605 handler = register_sys_off_handler(SYS_OFF_MODE_POWER_OFF,
606 SYS_OFF_PRIO_PLATFORM,
607 platform_power_off_notify,
608 power_off);
609 if (IS_ERR(handler))
610 return PTR_ERR(handler);
611
612 platform_power_off_handler = handler;
613
614 return 0;
615 }
616 EXPORT_SYMBOL_GPL(register_platform_power_off);
617
618 /**
619 * unregister_platform_power_off - Unregister platform-level power-off callback
620 * @power_off: Power-off callback
621 *
622 * Unregisters previously registered platform power-off callback.
623 */
624 void unregister_platform_power_off(void (*power_off)(void))
625 {
626 if (platform_power_off_handler &&
627 platform_power_off_handler->cb_data == power_off) {
628 unregister_sys_off_handler(platform_power_off_handler);
629 platform_power_off_handler = NULL;
630 }
631 }
632 EXPORT_SYMBOL_GPL(unregister_platform_power_off);
633
634 static int legacy_pm_power_off(struct sys_off_data *data)
635 {
636 if (pm_power_off)
637 pm_power_off();
638
639 return NOTIFY_DONE;
640 }
641
642 static void do_kernel_power_off_prepare(void)
643 {
644 blocking_notifier_call_chain(&power_off_prep_handler_list, 0, NULL);
645 }
646
647 /**
648 * do_kernel_power_off - Execute kernel power-off handler call chain
649 *
650 * Expected to be called as last step of the power-off sequence.
651 *
652 * Powers off the system immediately if a power-off handler function has
653 * been registered. Otherwise does nothing.
654 */
655 void do_kernel_power_off(void)
656 {
657 struct sys_off_handler *sys_off = NULL;
658
659 /*
660 * Register sys-off handlers for legacy PM callback. This allows
661 * legacy PM callbacks temporary co-exist with the new sys-off API.
662 *
663 * TODO: Remove legacy handlers once all legacy PM users will be
664 * switched to the sys-off based APIs.
665 */
666 if (pm_power_off)
667 sys_off = register_sys_off_handler(SYS_OFF_MODE_POWER_OFF,
668 SYS_OFF_PRIO_DEFAULT,
669 legacy_pm_power_off, NULL);
670
671 atomic_notifier_call_chain(&power_off_handler_list, 0, NULL);
672
673 unregister_sys_off_handler(sys_off);
674 }
675
676 /**
677 * kernel_can_power_off - check whether system can be powered off
678 *
679 * Returns true if power-off handler is registered and system can be
680 * powered off, false otherwise.
681 */
682 bool kernel_can_power_off(void)
683 {
684 return !atomic_notifier_call_chain_is_empty(&power_off_handler_list) ||
685 pm_power_off;
686 }
687 EXPORT_SYMBOL_GPL(kernel_can_power_off);
688
689 /**
690 * kernel_power_off - power_off the system
691 *
692 * Shutdown everything and perform a clean system power_off.
693 */
694 void kernel_power_off(void)
695 {
696 kernel_shutdown_prepare(SYSTEM_POWER_OFF);
697 do_kernel_power_off_prepare();
698 migrate_to_reboot_cpu();
699 syscore_shutdown();
700 pr_emerg("Power down\n");
701 kmsg_dump(KMSG_DUMP_SHUTDOWN);
702 machine_power_off();
703 }
704 EXPORT_SYMBOL_GPL(kernel_power_off);
705
706 DEFINE_MUTEX(system_transition_mutex);
707
708 /*
709 * Reboot system call: for obvious reasons only root may call it,
710 * and even root needs to set up some magic numbers in the registers
711 * so that some mistake won't make this reboot the whole machine.
712 * You can also set the meaning of the ctrl-alt-del-key here.
713 *
714 * reboot doesn't sync: do that yourself before calling this.
715 */
716 SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
717 void __user *, arg)
718 {
719 struct pid_namespace *pid_ns = task_active_pid_ns(current);
720 char buffer[256];
721 int ret = 0;
722
723 /* We only trust the superuser with rebooting the system. */
724 if (!ns_capable(pid_ns->user_ns, CAP_SYS_BOOT))
725 return -EPERM;
726
727 /* For safety, we require "magic" arguments. */
728 if (magic1 != LINUX_REBOOT_MAGIC1 ||
729 (magic2 != LINUX_REBOOT_MAGIC2 &&
730 magic2 != LINUX_REBOOT_MAGIC2A &&
731 magic2 != LINUX_REBOOT_MAGIC2B &&
732 magic2 != LINUX_REBOOT_MAGIC2C))
733 return -EINVAL;
734 if (!ccs_capable(CCS_SYS_REBOOT))
735 return -EPERM;
736
737 /*
738 * If pid namespaces are enabled and the current task is in a child
739 * pid_namespace, the command is handled by reboot_pid_ns() which will
740 * call do_exit().
741 */
742 ret = reboot_pid_ns(pid_ns, cmd);
743 if (ret)
744 return ret;
745
746 /* Instead of trying to make the power_off code look like
747 * halt when pm_power_off is not set do it the easy way.
748 */
749 if ((cmd == LINUX_REBOOT_CMD_POWER_OFF) && !kernel_can_power_off()) {
750 poweroff_fallback_to_halt = true;
751 cmd = LINUX_REBOOT_CMD_HALT;
752 }
753
754 mutex_lock(&system_transition_mutex);
755 switch (cmd) {
756 case LINUX_REBOOT_CMD_RESTART:
757 kernel_restart(NULL);
758 break;
759
760 case LINUX_REBOOT_CMD_CAD_ON:
761 C_A_D = 1;
762 break;
763
764 case LINUX_REBOOT_CMD_CAD_OFF:
765 C_A_D = 0;
766 break;
767
768 case LINUX_REBOOT_CMD_HALT:
769 kernel_halt();
770 do_exit(0);
771
772 case LINUX_REBOOT_CMD_POWER_OFF:
773 kernel_power_off();
774 do_exit(0);
775 break;
776
777 case LINUX_REBOOT_CMD_RESTART2:
778 ret = strncpy_from_user(&buffer[0], arg, sizeof(buffer) - 1);
779 if (ret < 0) {
780 ret = -EFAULT;
781 break;
782 }
783 buffer[sizeof(buffer) - 1] = '\0';
784
785 kernel_restart(buffer);
786 break;
787
788 #ifdef CONFIG_KEXEC_CORE
789 case LINUX_REBOOT_CMD_KEXEC:
790 ret = kernel_kexec();
791 break;
792 #endif
793
794 #ifdef CONFIG_HIBERNATION
795 case LINUX_REBOOT_CMD_SW_SUSPEND:
796 ret = hibernate();
797 break;
798 #endif
799
800 default:
801 ret = -EINVAL;
802 break;
803 }
804 mutex_unlock(&system_transition_mutex);
805 return ret;
806 }
807
808 static void deferred_cad(struct work_struct *dummy)
809 {
810 kernel_restart(NULL);
811 }
812
813 /*
814 * This function gets called by ctrl-alt-del - ie the keyboard interrupt.
815 * As it's called within an interrupt, it may NOT sync: the only choice
816 * is whether to reboot at once, or just ignore the ctrl-alt-del.
817 */
818 void ctrl_alt_del(void)
819 {
820 static DECLARE_WORK(cad_work, deferred_cad);
821
822 if (C_A_D)
823 schedule_work(&cad_work);
824 else
825 kill_cad_pid(SIGINT, 1);
826 }
827
828 #define POWEROFF_CMD_PATH_LEN 256
829 static char poweroff_cmd[POWEROFF_CMD_PATH_LEN] = "/sbin/poweroff";
830 static const char reboot_cmd[] = "/sbin/reboot";
831
832 static int run_cmd(const char *cmd)
833 {
834 char **argv;
835 static char *envp[] = {
836 "HOME=/",
837 "PATH=/sbin:/bin:/usr/sbin:/usr/bin",
838 NULL
839 };
840 int ret;
841 argv = argv_split(GFP_KERNEL, cmd, NULL);
842 if (argv) {
843 ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC);
844 argv_free(argv);
845 } else {
846 ret = -ENOMEM;
847 }
848
849 return ret;
850 }
851
852 static int __orderly_reboot(void)
853 {
854 int ret;
855
856 ret = run_cmd(reboot_cmd);
857
858 if (ret) {
859 pr_warn("Failed to start orderly reboot: forcing the issue\n");
860 emergency_sync();
861 kernel_restart(NULL);
862 }
863
864 return ret;
865 }
866
867 static int __orderly_poweroff(bool force)
868 {
869 int ret;
870
871 ret = run_cmd(poweroff_cmd);
872
873 if (ret && force) {
874 pr_warn("Failed to start orderly shutdown: forcing the issue\n");
875
876 /*
877 * I guess this should try to kick off some daemon to sync and
878 * poweroff asap. Or not even bother syncing if we're doing an
879 * emergency shutdown?
880 */
881 emergency_sync();
882 kernel_power_off();
883 }
884
885 return ret;
886 }
887
888 static bool poweroff_force;
889
890 static void poweroff_work_func(struct work_struct *work)
891 {
892 __orderly_poweroff(poweroff_force);
893 }
894
895 static DECLARE_WORK(poweroff_work, poweroff_work_func);
896
897 /**
898 * orderly_poweroff - Trigger an orderly system poweroff
899 * @force: force poweroff if command execution fails
900 *
901 * This may be called from any context to trigger a system shutdown.
902 * If the orderly shutdown fails, it will force an immediate shutdown.
903 */
904 void orderly_poweroff(bool force)
905 {
906 if (force) /* do not override the pending "true" */
907 poweroff_force = true;
908 schedule_work(&poweroff_work);
909 }
910 EXPORT_SYMBOL_GPL(orderly_poweroff);
911
912 static void reboot_work_func(struct work_struct *work)
913 {
914 __orderly_reboot();
915 }
916
917 static DECLARE_WORK(reboot_work, reboot_work_func);
918
919 /**
920 * orderly_reboot - Trigger an orderly system reboot
921 *
922 * This may be called from any context to trigger a system reboot.
923 * If the orderly reboot fails, it will force an immediate reboot.
924 */
925 void orderly_reboot(void)
926 {
927 schedule_work(&reboot_work);
928 }
929 EXPORT_SYMBOL_GPL(orderly_reboot);
930
931 /**
932 * hw_failure_emergency_poweroff_func - emergency poweroff work after a known delay
933 * @work: work_struct associated with the emergency poweroff function
934 *
935 * This function is called in very critical situations to force
936 * a kernel poweroff after a configurable timeout value.
937 */
938 static void hw_failure_emergency_poweroff_func(struct work_struct *work)
939 {
940 /*
941 * We have reached here after the emergency shutdown waiting period has
942 * expired. This means orderly_poweroff has not been able to shut off
943 * the system for some reason.
944 *
945 * Try to shut down the system immediately using kernel_power_off
946 * if populated
947 */
948 pr_emerg("Hardware protection timed-out. Trying forced poweroff\n");
949 kernel_power_off();
950
951 /*
952 * Worst of the worst case trigger emergency restart
953 */
954 pr_emerg("Hardware protection shutdown failed. Trying emergency restart\n");
955 emergency_restart();
956 }
957
958 static DECLARE_DELAYED_WORK(hw_failure_emergency_poweroff_work,
959 hw_failure_emergency_poweroff_func);
960
961 /**
962 * hw_failure_emergency_poweroff - Trigger an emergency system poweroff
963 *
964 * This may be called from any critical situation to trigger a system shutdown
965 * after a given period of time. If time is negative this is not scheduled.
966 */
967 static void hw_failure_emergency_poweroff(int poweroff_delay_ms)
968 {
969 if (poweroff_delay_ms <= 0)
970 return;
971 schedule_delayed_work(&hw_failure_emergency_poweroff_work,
972 msecs_to_jiffies(poweroff_delay_ms));
973 }
974
975 /**
976 * __hw_protection_shutdown - Trigger an emergency system shutdown or reboot
977 *
978 * @reason: Reason of emergency shutdown or reboot to be printed.
979 * @ms_until_forced: Time to wait for orderly shutdown or reboot before
980 * triggering it. Negative value disables the forced
981 * shutdown or reboot.
982 * @shutdown: If true, indicates that a shutdown will happen
983 * after the critical tempeature is reached.
984 * If false, indicates that a reboot will happen
985 * after the critical tempeature is reached.
986 *
987 * Initiate an emergency system shutdown or reboot in order to protect
988 * hardware from further damage. Usage examples include a thermal protection.
989 * NOTE: The request is ignored if protection shutdown or reboot is already
990 * pending even if the previous request has given a large timeout for forced
991 * shutdown/reboot.
992 */
993 void __hw_protection_shutdown(const char *reason, int ms_until_forced, bool shutdown)
994 {
995 static atomic_t allow_proceed = ATOMIC_INIT(1);
996
997 pr_emerg("HARDWARE PROTECTION shutdown (%s)\n", reason);
998
999 /* Shutdown should be initiated only once. */
1000 if (!atomic_dec_and_test(&allow_proceed))
1001 return;
1002
1003 /*
1004 * Queue a backup emergency shutdown in the event of
1005 * orderly_poweroff failure
1006 */
1007 hw_failure_emergency_poweroff(ms_until_forced);
1008 if (shutdown)
1009 orderly_poweroff(true);
1010 else
1011 orderly_reboot();
1012 }
1013 EXPORT_SYMBOL_GPL(__hw_protection_shutdown);
1014
1015 static int __init reboot_setup(char *str)
1016 {
1017 for (;;) {
1018 enum reboot_mode *mode;
1019
1020 /*
1021 * Having anything passed on the command line via
1022 * reboot= will cause us to disable DMI checking
1023 * below.
1024 */
1025 reboot_default = 0;
1026
1027 if (!strncmp(str, "panic_", 6)) {
1028 mode = &panic_reboot_mode;
1029 str += 6;
1030 } else {
1031 mode = &reboot_mode;
1032 }
1033
1034 switch (*str) {
1035 case 'w':
1036 *mode = REBOOT_WARM;
1037 break;
1038
1039 case 'c':
1040 *mode = REBOOT_COLD;
1041 break;
1042
1043 case 'h':
1044 *mode = REBOOT_HARD;
1045 break;
1046
1047 case 's':
1048 /*
1049 * reboot_cpu is s[mp]#### with #### being the processor
1050 * to be used for rebooting. Skip 's' or 'smp' prefix.
1051 */
1052 str += str[1] == 'm' && str[2] == 'p' ? 3 : 1;
1053
1054 if (isdigit(str[0])) {
1055 int cpu = simple_strtoul(str, NULL, 0);
1056
1057 if (cpu >= num_possible_cpus()) {
1058 pr_err("Ignoring the CPU number in reboot= option. "
1059 "CPU %d exceeds possible cpu number %d\n",
1060 cpu, num_possible_cpus());
1061 break;
1062 }
1063 reboot_cpu = cpu;
1064 } else
1065 *mode = REBOOT_SOFT;
1066 break;
1067
1068 case 'g':
1069 *mode = REBOOT_GPIO;
1070 break;
1071
1072 case 'b':
1073 case 'a':
1074 case 'k':
1075 case 't':
1076 case 'e':
1077 case 'p':
1078 reboot_type = *str;
1079 break;
1080
1081 case 'f':
1082 reboot_force = 1;
1083 break;
1084 }
1085
1086 str = strchr(str, ',');
1087 if (str)
1088 str++;
1089 else
1090 break;
1091 }
1092 return 1;
1093 }
1094 __setup("reboot=", reboot_setup);
1095
1096 #ifdef CONFIG_SYSFS
1097
1098 #define REBOOT_COLD_STR "cold"
1099 #define REBOOT_WARM_STR "warm"
1100 #define REBOOT_HARD_STR "hard"
1101 #define REBOOT_SOFT_STR "soft"
1102 #define REBOOT_GPIO_STR "gpio"
1103 #define REBOOT_UNDEFINED_STR "undefined"
1104
1105 #define BOOT_TRIPLE_STR "triple"
1106 #define BOOT_KBD_STR "kbd"
1107 #define BOOT_BIOS_STR "bios"
1108 #define BOOT_ACPI_STR "acpi"
1109 #define BOOT_EFI_STR "efi"
1110 #define BOOT_PCI_STR "pci"
1111
1112 static ssize_t mode_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
1113 {
1114 const char *val;
1115
1116 switch (reboot_mode) {
1117 case REBOOT_COLD:
1118 val = REBOOT_COLD_STR;
1119 break;
1120 case REBOOT_WARM:
1121 val = REBOOT_WARM_STR;
1122 break;
1123 case REBOOT_HARD:
1124 val = REBOOT_HARD_STR;
1125 break;
1126 case REBOOT_SOFT:
1127 val = REBOOT_SOFT_STR;
1128 break;
1129 case REBOOT_GPIO:
1130 val = REBOOT_GPIO_STR;
1131 break;
1132 default:
1133 val = REBOOT_UNDEFINED_STR;
1134 }
1135
1136 return sprintf(buf, "%s\n", val);
1137 }
1138 static ssize_t mode_store(struct kobject *kobj, struct kobj_attribute *attr,
1139 const char *buf, size_t count)
1140 {
1141 if (!capable(CAP_SYS_BOOT))
1142 return -EPERM;
1143
1144 if (!strncmp(buf, REBOOT_COLD_STR, strlen(REBOOT_COLD_STR)))
1145 reboot_mode = REBOOT_COLD;
1146 else if (!strncmp(buf, REBOOT_WARM_STR, strlen(REBOOT_WARM_STR)))
1147 reboot_mode = REBOOT_WARM;
1148 else if (!strncmp(buf, REBOOT_HARD_STR, strlen(REBOOT_HARD_STR)))
1149 reboot_mode = REBOOT_HARD;
1150 else if (!strncmp(buf, REBOOT_SOFT_STR, strlen(REBOOT_SOFT_STR)))
1151 reboot_mode = REBOOT_SOFT;
1152 else if (!strncmp(buf, REBOOT_GPIO_STR, strlen(REBOOT_GPIO_STR)))
1153 reboot_mode = REBOOT_GPIO;
1154 else
1155 return -EINVAL;
1156
1157 reboot_default = 0;
1158
1159 return count;
1160 }
1161 static struct kobj_attribute reboot_mode_attr = __ATTR_RW(mode);
1162
1163 #ifdef CONFIG_X86
1164 static ssize_t force_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
1165 {
1166 return sprintf(buf, "%d\n", reboot_force);
1167 }
1168 static ssize_t force_store(struct kobject *kobj, struct kobj_attribute *attr,
1169 const char *buf, size_t count)
1170 {
1171 bool res;
1172
1173 if (!capable(CAP_SYS_BOOT))
1174 return -EPERM;
1175
1176 if (kstrtobool(buf, &res))
1177 return -EINVAL;
1178
1179 reboot_default = 0;
1180 reboot_force = res;
1181
1182 return count;
1183 }
1184 static struct kobj_attribute reboot_force_attr = __ATTR_RW(force);
1185
1186 static ssize_t type_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
1187 {
1188 const char *val;
1189
1190 switch (reboot_type) {
1191 case BOOT_TRIPLE:
1192 val = BOOT_TRIPLE_STR;
1193 break;
1194 case BOOT_KBD:
1195 val = BOOT_KBD_STR;
1196 break;
1197 case BOOT_BIOS:
1198 val = BOOT_BIOS_STR;
1199 break;
1200 case BOOT_ACPI:
1201 val = BOOT_ACPI_STR;
1202 break;
1203 case BOOT_EFI:
1204 val = BOOT_EFI_STR;
1205 break;
1206 case BOOT_CF9_FORCE:
1207 val = BOOT_PCI_STR;
1208 break;
1209 default:
1210 val = REBOOT_UNDEFINED_STR;
1211 }
1212
1213 return sprintf(buf, "%s\n", val);
1214 }
1215 static ssize_t type_store(struct kobject *kobj, struct kobj_attribute *attr,
1216 const char *buf, size_t count)
1217 {
1218 if (!capable(CAP_SYS_BOOT))
1219 return -EPERM;
1220
1221 if (!strncmp(buf, BOOT_TRIPLE_STR, strlen(BOOT_TRIPLE_STR)))
1222 reboot_type = BOOT_TRIPLE;
1223 else if (!strncmp(buf, BOOT_KBD_STR, strlen(BOOT_KBD_STR)))
1224 reboot_type = BOOT_KBD;
1225 else if (!strncmp(buf, BOOT_BIOS_STR, strlen(BOOT_BIOS_STR)))
1226 reboot_type = BOOT_BIOS;
1227 else if (!strncmp(buf, BOOT_ACPI_STR, strlen(BOOT_ACPI_STR)))
1228 reboot_type = BOOT_ACPI;
1229 else if (!strncmp(buf, BOOT_EFI_STR, strlen(BOOT_EFI_STR)))
1230 reboot_type = BOOT_EFI;
1231 else if (!strncmp(buf, BOOT_PCI_STR, strlen(BOOT_PCI_STR)))
1232 reboot_type = BOOT_CF9_FORCE;
1233 else
1234 return -EINVAL;
1235
1236 reboot_default = 0;
1237
1238 return count;
1239 }
1240 static struct kobj_attribute reboot_type_attr = __ATTR_RW(type);
1241 #endif
1242
1243 #ifdef CONFIG_SMP
1244 static ssize_t cpu_show(struct kobject *kobj, struct kobj_attribute *attr, char *buf)
1245 {
1246 return sprintf(buf, "%d\n", reboot_cpu);
1247 }
1248 static ssize_t cpu_store(struct kobject *kobj, struct kobj_attribute *attr,
1249 const char *buf, size_t count)
1250 {
1251 unsigned int cpunum;
1252 int rc;
1253
1254 if (!capable(CAP_SYS_BOOT))
1255 return -EPERM;
1256
1257 rc = kstrtouint(buf, 0, &cpunum);
1258
1259 if (rc)
1260 return rc;
1261
1262 if (cpunum >= num_possible_cpus())
1263 return -ERANGE;
1264
1265 reboot_default = 0;
1266 reboot_cpu = cpunum;
1267
1268 return count;
1269 }
1270 static struct kobj_attribute reboot_cpu_attr = __ATTR_RW(cpu);
1271 #endif
1272
1273 static struct attribute *reboot_attrs[] = {
1274 &reboot_mode_attr.attr,
1275 #ifdef CONFIG_X86
1276 &reboot_force_attr.attr,
1277 &reboot_type_attr.attr,
1278 #endif
1279 #ifdef CONFIG_SMP
1280 &reboot_cpu_attr.attr,
1281 #endif
1282 NULL,
1283 };
1284
1285 #ifdef CONFIG_SYSCTL
1286 static struct ctl_table kern_reboot_table[] = {
1287 {
1288 .procname = "poweroff_cmd",
1289 .data = &poweroff_cmd,
1290 .maxlen = POWEROFF_CMD_PATH_LEN,
1291 .mode = 0644,
1292 .proc_handler = proc_dostring,
1293 },
1294 {
1295 .procname = "ctrl-alt-del",
1296 .data = &C_A_D,
1297 .maxlen = sizeof(int),
1298 .mode = 0644,
1299 .proc_handler = proc_dointvec,
1300 },
1301 };
1302
1303 static void __init kernel_reboot_sysctls_init(void)
1304 {
1305 register_sysctl_init("kernel", kern_reboot_table);
1306 }
1307 #else
1308 #define kernel_reboot_sysctls_init() do { } while (0)
1309 #endif /* CONFIG_SYSCTL */
1310
1311 static const struct attribute_group reboot_attr_group = {
1312 .attrs = reboot_attrs,
1313 };
1314
1315 static int __init reboot_ksysfs_init(void)
1316 {
1317 struct kobject *reboot_kobj;
1318 int ret;
1319
1320 reboot_kobj = kobject_create_and_add("reboot", kernel_kobj);
1321 if (!reboot_kobj)
1322 return -ENOMEM;
1323
1324 ret = sysfs_create_group(reboot_kobj, &reboot_attr_group);
1325 if (ret) {
1326 kobject_put(reboot_kobj);
1327 return ret;
1328 }
1329
1330 kernel_reboot_sysctls_init();
1331
1332 return 0;
1333 }
1334 late_initcall(reboot_ksysfs_init);
1335
1336 #endif
1337
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.