1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #pragma ident "%Z%%M% %I% %E% SMI" 27 28 #include <sys/reboot.h> 29 #include <sys/systm.h> 30 #include <sys/archsystm.h> 31 #include <sys/machsystm.h> 32 #include <sys/promif.h> 33 #include <sys/promimpl.h> 34 #include <sys/prom_plat.h> 35 #include <sys/cpu_sgnblk_defs.h> 36 #include <sys/ivintr.h> 37 #include <sys/kdi.h> 38 #include <sys/callb.h> 39 #include <sys/wdt.h> 40 41 #ifdef TRAPTRACE 42 #include <sys/traptrace.h> 43 #endif /* TRAPTRACE */ 44 45 #ifdef C2_AUDIT 46 extern void audit_enterprom(); 47 extern void audit_exitprom(); 48 #endif /* C2_AUDIT */ 49 50 /* 51 * Platforms that use CPU signatures need to set cpu_sgn_func 52 * to point to a platform specific function. This needs to 53 * be done in set_platform_defaults() within the platmod. 54 */ 55 void (*cpu_sgn_func)(ushort_t, uchar_t, uchar_t, int) = NULL; 56 57 /* 58 * abort_seq_handler required by sysctrl. 59 */ 60 void debug_enter(char *); 61 void (*abort_seq_handler)(char *) = debug_enter; 62 63 /* 64 * Platform tunable to disable the h/w watchdog timer. 65 */ 66 extern void clear_watchdog_on_exit(void); 67 68 /* 69 * On sun4u platform, abort_sequence_enter() can be called at high PIL 70 * and we can't afford to acquire any adaptive mutex or use any 71 * condition variables as we are not allowed to sleep while running 72 * on interrupt stack. We work around this problem by posting a level 73 * 10 soft interrupt and then invoking the "abort_seq_handler" within 74 * that soft interrupt context. 75 * 76 * This has the side effect of not allowing us to drop into debugger 77 * when the kernel is stuck at high PIL (PIL > 10). It's better to 78 * be able to break into a hung system even if it means crashing the 79 * system. If a user presses L1-A more than once within a 15 seconds 80 * window, and the previous L1-A soft interrupt is still pending, then 81 * we directly invoke the abort_sequence_enter. 82 * 83 * Since the "msg" argument passed to abort_sequence_enter can refer 84 * to a message anywhere in memory, including stack, it's copied into 85 * abort_seq_msgbuf buffer for processing by the soft interrupt. 86 */ 87 88 #define ABORT_SEQ_MSGBUFSZ 256 89 #define FORCE_ABORT_SEQ_INTERVAL ((hrtime_t)15 * NANOSEC) 90 91 static kmutex_t abort_seq_lock; 92 static uint_t abort_seq_inum; /* abort seq softintr # */ 93 static hrtime_t abort_seq_tstamp; /* hrtime of last abort seq */ 94 static size_t abort_seq_msglen; /* abort seq message length */ 95 static char abort_seq_msgbuf[ABORT_SEQ_MSGBUFSZ]; 96 97 /*ARGSUSED0*/ 98 static uint_t 99 abort_seq_softintr(caddr_t arg) 100 { 101 char *msg; 102 char msgbuf[ABORT_SEQ_MSGBUFSZ]; 103 104 mutex_enter(&abort_seq_lock); 105 if (abort_enable != 0 && abort_seq_tstamp != 0LL) { 106 if (abort_seq_msglen > 0) { 107 bcopy(abort_seq_msgbuf, msgbuf, abort_seq_msglen); 108 msg = msgbuf; 109 } else 110 msg = NULL; 111 abort_seq_tstamp = 0LL; 112 mutex_exit(&abort_seq_lock); 113 #ifdef C2_AUDIT 114 if (audit_active) 115 audit_enterprom(1); 116 #endif /* C2_AUDIT */ 117 (*abort_seq_handler)(msg); 118 #ifdef C2_AUDIT 119 if (audit_active) 120 audit_exitprom(1); 121 #endif /* C2_AUDIT */ 122 } else { 123 mutex_exit(&abort_seq_lock); 124 #ifdef C2_AUDIT 125 if (audit_active) 126 audit_enterprom(0); 127 #endif /* C2_AUDIT */ 128 } 129 return (1); 130 } 131 132 void 133 abort_sequence_init(void) 134 { 135 mutex_init(&abort_seq_lock, NULL, MUTEX_SPIN, (void *)PIL_12); 136 abort_seq_tstamp = 0LL; 137 if (abort_seq_inum == 0) 138 abort_seq_inum = add_softintr(LOCK_LEVEL, 139 (softintrfunc)abort_seq_softintr, NULL); 140 } 141 142 /* 143 * Machine dependent abort sequence handling 144 */ 145 void 146 abort_sequence_enter(char *msg) 147 { 148 int s, on_intr; 149 size_t msglen; 150 hrtime_t tstamp; 151 152 if (abort_enable != 0) { 153 s = splhi(); 154 on_intr = CPU_ON_INTR(CPU) || (spltoipl(s) > LOCK_LEVEL); 155 splx(s); 156 157 tstamp = gethrtime(); 158 mutex_enter(&abort_seq_lock); 159 160 /* 161 * If we are on an interrupt stack and/or running at 162 * PIL > LOCK_LEVEL, then we post a softint and invoke 163 * abort_seq_handler from there as we can't afford to 164 * acquire any adaptive mutex here. However, if we 165 * already have a pending softint, which was posted 166 * within FORCE_ABORT_SEQ_INTERVAL duration, then we 167 * bypass softint approach as our softint may be blocked 168 * and the user really wants to drop into the debugger. 169 */ 170 if (on_intr && abort_seq_inum != 0 && 171 (abort_seq_tstamp == 0LL || tstamp > 172 (abort_seq_tstamp + FORCE_ABORT_SEQ_INTERVAL))) { 173 abort_seq_tstamp = tstamp; 174 if (msg != NULL) { 175 msglen = strlen(msg); 176 if (msglen >= ABORT_SEQ_MSGBUFSZ) 177 msglen = ABORT_SEQ_MSGBUFSZ - 1; 178 bcopy(msg, abort_seq_msgbuf, msglen); 179 abort_seq_msgbuf[msglen] = '\0'; 180 abort_seq_msglen = msglen + 1; 181 } else 182 abort_seq_msglen = 0; 183 mutex_exit(&abort_seq_lock); 184 setsoftint(abort_seq_inum); 185 } else { 186 /* 187 * Ignore any pending abort sequence softint 188 * as we are invoking the abort_seq_handler 189 * here. 190 */ 191 abort_seq_tstamp = 0LL; 192 mutex_exit(&abort_seq_lock); 193 #ifdef C2_AUDIT 194 if (!on_intr && audit_active) 195 audit_enterprom(1); 196 #endif /* C2_AUDIT */ 197 (*abort_seq_handler)(msg); 198 #ifdef C2_AUDIT 199 if (!on_intr && audit_active) 200 audit_exitprom(1); 201 #endif /* C2_AUDIT */ 202 } 203 } else { 204 #ifdef C2_AUDIT 205 if (audit_active) 206 audit_enterprom(0); 207 #endif /* C2_AUDIT */ 208 } 209 } 210 211 /* 212 * Enter debugger. Called when the user types L1-A or break or whenever 213 * code wants to enter the debugger and possibly resume later. 214 * If the debugger isn't present, enter the PROM monitor. 215 * 216 * If console is a framebuffer which is powered off, it will be powered up 217 * before jumping to the debugger. If we are called above lock level, a 218 * softint is triggered to reenter this code and allow the fb to be powered 219 * up as in the less than lock level case. If this code is entered at greater 220 * than lock level and the fb is not already powered up, the msg argument 221 * will not be displayed. 222 */ 223 void 224 debug_enter(char *msg) 225 { 226 label_t old_pcb; 227 int s; 228 extern void pm_cfb_powerup(void); 229 extern void pm_cfb_rele(void); 230 extern void pm_cfb_trigger(void); 231 extern int pm_cfb_check_and_hold(void); 232 233 /* 234 * For platforms that use CPU signatures, update the signature 235 * to indicate that we are entering the debugger if we are in 236 * the middle of a panic flow. 237 */ 238 if (panicstr) 239 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_DEBUG, -1); 240 241 if (!panicstr) 242 (void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 0); 243 244 if (pm_cfb_check_and_hold()) 245 if (getpil() > LOCK_LEVEL) { 246 pm_cfb_trigger(); 247 return; 248 } else 249 pm_cfb_powerup(); 250 if (msg) 251 prom_printf("%s\n", msg); 252 253 clear_watchdog_on_exit(); 254 255 if ((s = getpil()) < ipltospl(12)) 256 s = splzs(); 257 258 old_pcb = curthread->t_pcb; 259 (void) setjmp(&curthread->t_pcb); 260 261 if (boothowto & RB_DEBUG) 262 kdi_dvec_enter(); 263 else 264 prom_enter_mon(); 265 266 restore_watchdog_on_entry(); 267 268 curthread->t_pcb = old_pcb; 269 splx(s); 270 pm_cfb_rele(); 271 272 if (!panicstr) 273 (void) callb_execute_class(CB_CL_ENTER_DEBUGGER, 1); 274 275 if (panicstr) 276 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_PANIC_CONT, -1); 277 } 278 279 /* 280 * Halt the machine and return to the monitor 281 */ 282 void 283 halt(char *s) 284 { 285 flush_windows(); 286 stop_other_cpus(); /* send stop signal to other CPUs */ 287 288 if (s) 289 prom_printf("(%s) ", s); 290 291 /* 292 * For Platforms that use CPU signatures, we 293 * need to set the signature block to OS and 294 * the state to exiting for all the processors. 295 */ 296 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_HALT, -1); 297 prom_exit_to_mon(); 298 /*NOTREACHED*/ 299 } 300 301 /* 302 * Halt the machine and power off the system. 303 */ 304 void 305 power_down(const char *s) 306 { 307 flush_windows(); 308 stop_other_cpus(); /* send stop signal to other CPUs */ 309 310 if (s != NULL) 311 prom_printf("(%s) ", s); 312 313 /* 314 * For platforms that use CPU signatures, we need to set up the 315 * signature blocks to indicate that we have an environmental 316 * interrupt request to power down, and then exit to the prom monitor. 317 */ 318 CPU_SIGNATURE(OS_SIG, SIGST_EXIT, SIGSUBST_ENVIRON, -1); 319 prom_power_off(); 320 /* 321 * If here is reached, for some reason prom's power-off command failed. 322 * Prom should have already printed out error messages. Exit to 323 * firmware. 324 */ 325 prom_exit_to_mon(); 326 /*NOTREACHED*/ 327 } 328 329 void 330 do_shutdown(void) 331 { 332 proc_t *initpp; 333 334 /* 335 * If we're still booting and init(1) isn't set up yet, simply halt. 336 */ 337 mutex_enter(&pidlock); 338 initpp = prfind(P_INITPID); 339 mutex_exit(&pidlock); 340 if (initpp == NULL) { 341 extern void halt(char *); 342 prom_power_off(); 343 halt("Power off the System"); /* just in case */ 344 } 345 346 /* 347 * else, graceful shutdown with inittab and all getting involved 348 */ 349 psignal(initpp, SIGPWR); 350 } 351