1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #pragma ident "%Z%%M% %I% %E% SMI" 28 29 #include <sys/reboot.h> 30 #include <sys/systm.h> 31 #include <sys/archsystm.h> 32 #include <sys/machsystm.h> 33 #include <sys/promif.h> 34 #include <sys/promimpl.h> 35 #include <sys/prom_plat.h> 36 #include <sys/cpu_sgnblk_defs.h> 37 #include <sys/ivintr.h> 38 #include <sys/kdi.h> 39 #include <sys/callb.h> 40 41 #ifdef TRAPTRACE 42 #include <sys/traptrace.h> 43 #endif /* TRAPTRACE */ 44 45 #ifdef C2_AUDIT 46 extern void audit_enterprom(); 47 extern void audit_exitprom(); 48 #endif /* C2_AUDIT */ 49 50 /* 51 * Platforms that use CPU signatures need to set cpu_sgn_func 52 * to point to a platform specific function. This needs to 53 * be done in set_platform_defaults() within the platmod. 54 */ 55 void (*cpu_sgn_func)(ushort_t, uchar_t, uchar_t, int) = NULL; 56 57 /* 58 * abort_seq_handler required by sysctrl. 59 */ 60 void debug_enter(char *); 61 void (*abort_seq_handler)(char *) = debug_enter; 62 63 /* 64 * Platform tunable to disable the h/w watchdog timer. 65 */ 66 int disable_watchdog_on_exit = 0; 67 extern void clear_watchdog_on_exit(void); 68 69 70 /* 71 * On sun4u platform, abort_sequence_enter() can be called at high PIL 72 * and we can't afford to acquire any adaptive mutex or use any 73 * condition variables as we are not allowed to sleep while running 74 * on interrupt stack. We work around this problem by posting a level 75 * 10 soft interrupt and then invoking the "abort_seq_handler" within 76 * that soft interrupt context. 77 * 78 * This has the side effect of not allowing us to drop into debugger 79 * when the kernel is stuck at high PIL (PIL > 10). It's better to 80 * be able to break into a hung system even if it means crashing the 81 * system. If a user presses L1-A more than once within a 15 seconds 82 * window, and the previous L1-A soft interrupt is still pending, then 83 * we directly invoke the abort_sequence_enter. 84 * 85 * Since the "msg" argument passed to abort_sequence_enter can refer 86 * to a message anywhere in memory, including stack, it's copied into 87 * abort_seq_msgbuf buffer for processing by the soft interrupt. 88 */ 89 90 #define ABORT_SEQ_MSGBUFSZ 256 91 #define FORCE_ABORT_SEQ_INTERVAL ((hrtime_t)15 * NANOSEC) 92 93 static kmutex_t abort_seq_lock; 94 static uint_t abort_seq_inum; /* abort seq softintr # */ 95 static hrtime_t abort_seq_tstamp; /* hrtime of last abort seq */ 96 static size_t abort_seq_msglen; /* abort seq message length */ 97 static char abort_seq_msgbuf[ABORT_SEQ_MSGBUFSZ]; 98 99 /*ARGSUSED0*/ 100 static uint_t 101 abort_seq_softintr(caddr_t arg) 102 { 103 char *msg; 104 char msgbuf[ABORT_SEQ_MSGBUFSZ]; 105 106 mutex_enter(&abort_seq_lock); 107 if (abort_enable != 0 && abort_seq_tstamp != 0LL) { 108 if (abort_seq_msglen > 0) { 109 bcopy(abort_seq_msgbuf, msgbuf, abort_seq_msglen); 110 msg = msgbuf; 111 } else 112 msg = NULL; 113 abort_seq_tstamp = 0LL; 114 mutex_exit(&abort_seq_lock); 115 #ifdef C2_AUDIT 116 if (audit_active) 117 audit_enterprom(1); 118 #endif /* C2_AUDIT */ 119 (*abort_seq_handler)(msg); 120 #ifdef C2_AUDIT 121 if (audit_active) 122 audit_exitprom(1); 123 #endif /* C2_AUDIT */ 124 } else { 125 mutex_exit(&abort_seq_lock); 126 #ifdef C2_AUDIT 127 if (audit_active) 128 audit_enterprom(0); 129 #endif /* C2_AUDIT */ 130 } 131 return (1); 132 } 133 134 void 135 abort_sequence_init(void) 136 { 137 mutex_init(&abort_seq_lock, NULL, MUTEX_SPIN, (void *)PIL_12); 138 abort_seq_tstamp = 0LL; 139 if (abort_seq_inum == 0) 140 abort_seq_inum = add_softintr(LOCK_LEVEL, 141 (softintrfunc)abort_seq_softintr, NULL); 142 } 143 144 /* 145 * Machine dependent abort sequence handling 146 */ 147 void 148 abort_sequence_enter(char *msg) 149 { 150 int s, on_intr; 151 size_t msglen; 152 hrtime_t tstamp; 153 154 if (abort_enable != 0) { 155 s = splhi(); 156 on_intr = CPU_ON_INTR(CPU) || (spltoipl(s) > LOCK_LEVEL); 157 splx(s); 158 159 tstamp = gethrtime(); 160 mutex_enter(&abort_seq_lock); 161 162 /* 163 * If we are on an interrupt stack and/or running at 164 * PIL > LOCK_LEVEL, then we post a softint and invoke 165 * abort_seq_handler from there as we can't afford to 166 * acquire any adaptive mutex here. However, if we 167 * already have a pending softint, which was posted 168 * within FORCE_ABORT_SEQ_INTERVAL duration, then we 169 * bypass softint approach as our softint may be blocked 170 * and the user really wants to drop into the debugger. 171 */ 172 if (on_intr && abort_seq_inum != 0 && 173 (abort_seq_tstamp == 0LL || tstamp > 174 (abort_seq_tstamp + FORCE_ABORT_SEQ_INTERVAL))) { 175 abort_seq_tstamp = tstamp; 176 if (msg != NULL) { 177 msglen = strlen(msg); 178 if (msglen >= ABORT_SEQ_MSGBUFSZ) 179 msglen = ABORT_SEQ_MSGBUFSZ - 1; 180 bcopy(msg, abort_seq_msgbuf, msglen); 181 abort_seq_msgbuf[msglen] = '\0'; 182 abort_seq_msglen = msglen + 1; 183 } else 184 abort_seq_msglen = 0; 185 mutex_exit(&abort_seq_lock); 186 setsoftint(abort_seq_inum); 187 } else { 188 /* 189 * Ignore any pending abort sequence softint 190 * as we are invoking the abort_seq_handler 191 * here. 192 */ 193 abort_seq_tstamp = 0LL; 194 mutex_exit(&abort_seq_lock); 195 #ifdef C2_AUDIT 196 if (!on_intr && audit_active) 197 audit_enterprom(1); 198 #endif /* C2_AUDIT */ 199 (*abort_seq_handler)(msg); 200 #ifdef C2_AUDIT 201 if (!on_intr && audit_active) 202 audit_exitprom(1); 203 #endif /* C2_AUDIT */ 204 } 205 } else { 206 #ifdef C2_AUDIT 207 if (audit_active) 208 audit_enterprom(0); 209 #endif /* C2_AUDIT */ 210 } 211 } 212 213 /* 214 * Enter debugger. Called when the user types L1-A or break or whenever 215 * code wants to enter the debugger and possibly resume later. 216 * If the debugger isn't present, enter the PROM monitor. 217 * 218 * If console is a framebuffer which is powered off, it will be powered up 219 * before jumping to the debugger. If we are called above lock level, a 220 * softint is triggered to reenter this code and allow the fb to be powered 221 * up as in the less than lock level case. If this code is entered at greater 222 * than lock level and the fb is not already powered up, the msg argument 223 * will not be displayed. 224 */ 225 void 226 debug_enter(char *msg) 227 { 228 label_t old_pcb; 229 int s; 230 extern void pm_cfb_powerup(void); 231 extern void pm_cfb_rele(void); 232 extern void pm_cfb_trigger(void); 233 extern int pm_cfb_check_and_hold(void); 234 235 /* 236 * For platforms that use CPU signatures, update the signature 237 * to indicate that we are entering the debugger if we are in 238 * the middle of a panic flow. 239 */ 240 if (panicstr) 241 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_DEBUG, -1); 242 243 if (!panicstr) 244 (void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 0); 245 246 if (pm_cfb_check_and_hold()) 247 if (getpil() > LOCK_LEVEL) { 248 pm_cfb_trigger(); 249 return; 250 } else 251 pm_cfb_powerup(); 252 if (msg) 253 prom_printf("%s\n", msg); 254 255 clear_watchdog_on_exit(); 256 257 if ((s = getpil()) < ipltospl(12)) 258 s = splzs(); 259 260 old_pcb = curthread->t_pcb; 261 (void) setjmp(&curthread->t_pcb); 262 263 if (boothowto & RB_DEBUG) 264 kdi_dvec_enter(); 265 else 266 prom_enter_mon(); 267 268 curthread->t_pcb = old_pcb; 269 splx(s); 270 pm_cfb_rele(); 271 272 if (!panicstr) 273 (void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 1); 274 275 if (panicstr) 276 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_PANIC_CONT, -1); 277 } 278 279 /* 280 * Halt the machine and return to the monitor 281 */ 282 void 283 halt(char *s) 284 { 285 flush_windows(); 286 stop_other_cpus(); /* send stop signal to other CPUs */ 287 288 if (s) 289 prom_printf("(%s) ", s); 290 291 /* 292 * For Platforms that use CPU signatures, we 293 * need to set the signature block to OS and 294 * the state to exiting for all the processors. 295 */ 296 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_HALT, -1); 297 prom_exit_to_mon(); 298 /*NOTREACHED*/ 299 } 300 301 /* 302 * Halt the machine and power off the system. 303 */ 304 void 305 power_down(const char *s) 306 { 307 flush_windows(); 308 stop_other_cpus(); /* send stop signal to other CPUs */ 309 310 if (s != NULL) 311 prom_printf("(%s) ", s); 312 313 /* 314 * For platforms that use CPU signatures, we need to set up the 315 * signature blocks to indicate that we have an environmental 316 * interrupt request to power down, and then exit to the prom monitor. 317 */ 318 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_ENVIRON, -1); 319 prom_power_off(); 320 /* 321 * If here is reached, for some reason prom's power-off command failed. 322 * Prom should have already printed out error messages. Exit to 323 * firmware. 324 */ 325 prom_exit_to_mon(); 326 /*NOTREACHED*/ 327 } 328 329 void 330 do_shutdown(void) 331 { 332 proc_t *initpp; 333 334 /* 335 * If we're still booting and init(1) isn't set up yet, simply halt. 336 */ 337 mutex_enter(&pidlock); 338 initpp = prfind(P_INITPID); 339 mutex_exit(&pidlock); 340 if (initpp == NULL) { 341 extern void halt(char *); 342 prom_power_off(); 343 halt("Power off the System"); /* just in case */ 344 } 345 346 /* 347 * else, graceful shutdown with inittab and all getting involved 348 */ 349 psignal(initpp, SIGPWR); 350 } 351