]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - kernel/panic.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
kernel/panic.c: add "crash_kexec_post_notifiers" option for kdump after panic_notifers
[mirror_ubuntu-zesty-kernel.git] / kernel / panic.c
1 /*
2 * linux/kernel/panic.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 /*
8 * This function is used through-out the kernel (including mm and fs)
9 * to indicate a major problem.
10 */
11 #include <linux/debug_locks.h>
12 #include <linux/interrupt.h>
13 #include <linux/kmsg_dump.h>
14 #include <linux/kallsyms.h>
15 #include <linux/notifier.h>
16 #include <linux/module.h>
17 #include <linux/random.h>
18 #include <linux/ftrace.h>
19 #include <linux/reboot.h>
20 #include <linux/delay.h>
21 #include <linux/kexec.h>
22 #include <linux/sched.h>
23 #include <linux/sysrq.h>
24 #include <linux/init.h>
25 #include <linux/nmi.h>
26
27 #define PANIC_TIMER_STEP 100
28 #define PANIC_BLINK_SPD 18
29
30 int panic_on_oops = CONFIG_PANIC_ON_OOPS_VALUE;
31 static unsigned long tainted_mask;
32 static int pause_on_oops;
33 static int pause_on_oops_flag;
34 static DEFINE_SPINLOCK(pause_on_oops_lock);
35 static bool crash_kexec_post_notifiers;
36
37 int panic_timeout = CONFIG_PANIC_TIMEOUT;
38 EXPORT_SYMBOL_GPL(panic_timeout);
39
40 ATOMIC_NOTIFIER_HEAD(panic_notifier_list);
41
42 EXPORT_SYMBOL(panic_notifier_list);
43
44 static long no_blink(int state)
45 {
46 return 0;
47 }
48
49 /* Returns how long it waited in ms */
50 long (*panic_blink)(int state);
51 EXPORT_SYMBOL(panic_blink);
52
53 /*
54 * Stop ourself in panic -- architecture code may override this
55 */
56 void __weak panic_smp_self_stop(void)
57 {
58 while (1)
59 cpu_relax();
60 }
61
62 /**
63 * panic - halt the system
64 * @fmt: The text string to print
65 *
66 * Display a message, then perform cleanups.
67 *
68 * This function never returns.
69 */
70 void panic(const char *fmt, ...)
71 {
72 static DEFINE_SPINLOCK(panic_lock);
73 static char buf[1024];
74 va_list args;
75 long i, i_next = 0;
76 int state = 0;
77
78 /*
79 * Disable local interrupts. This will prevent panic_smp_self_stop
80 * from deadlocking the first cpu that invokes the panic, since
81 * there is nothing to prevent an interrupt handler (that runs
82 * after the panic_lock is acquired) from invoking panic again.
83 */
84 local_irq_disable();
85
86 /*
87 * It's possible to come here directly from a panic-assertion and
88 * not have preempt disabled. Some functions called from here want
89 * preempt to be disabled. No point enabling it later though...
90 *
91 * Only one CPU is allowed to execute the panic code from here. For
92 * multiple parallel invocations of panic, all other CPUs either
93 * stop themself or will wait until they are stopped by the 1st CPU
94 * with smp_send_stop().
95 */
96 if (!spin_trylock(&panic_lock))
97 panic_smp_self_stop();
98
99 console_verbose();
100 bust_spinlocks(1);
101 va_start(args, fmt);
102 vsnprintf(buf, sizeof(buf), fmt, args);
103 va_end(args);
104 pr_emerg("Kernel panic - not syncing: %s\n", buf);
105 #ifdef CONFIG_DEBUG_BUGVERBOSE
106 /*
107 * Avoid nested stack-dumping if a panic occurs during oops processing
108 */
109 if (!test_taint(TAINT_DIE) && oops_in_progress <= 1)
110 dump_stack();
111 #endif
112
113 /*
114 * If we have crashed and we have a crash kernel loaded let it handle
115 * everything else.
116 * If we want to run this after calling panic_notifiers, pass
117 * the "crash_kexec_post_notifiers" option to the kernel.
118 */
119 if (!crash_kexec_post_notifiers)
120 crash_kexec(NULL);
121
122 /*
123 * Note smp_send_stop is the usual smp shutdown function, which
124 * unfortunately means it may not be hardened to work in a panic
125 * situation.
126 */
127 smp_send_stop();
128
129 /*
130 * Run any panic handlers, including those that might need to
131 * add information to the kmsg dump output.
132 */
133 atomic_notifier_call_chain(&panic_notifier_list, 0, buf);
134
135 kmsg_dump(KMSG_DUMP_PANIC);
136
137 /*
138 * If you doubt kdump always works fine in any situation,
139 * "crash_kexec_post_notifiers" offers you a chance to run
140 * panic_notifiers and dumping kmsg before kdump.
141 * Note: since some panic_notifiers can make crashed kernel
142 * more unstable, it can increase risks of the kdump failure too.
143 */
144 crash_kexec(NULL);
145
146 bust_spinlocks(0);
147
148 if (!panic_blink)
149 panic_blink = no_blink;
150
151 if (panic_timeout > 0) {
152 /*
153 * Delay timeout seconds before rebooting the machine.
154 * We can't use the "normal" timers since we just panicked.
155 */
156 pr_emerg("Rebooting in %d seconds..", panic_timeout);
157
158 for (i = 0; i < panic_timeout * 1000; i += PANIC_TIMER_STEP) {
159 touch_nmi_watchdog();
160 if (i >= i_next) {
161 i += panic_blink(state ^= 1);
162 i_next = i + 3600 / PANIC_BLINK_SPD;
163 }
164 mdelay(PANIC_TIMER_STEP);
165 }
166 }
167 if (panic_timeout != 0) {
168 /*
169 * This will not be a clean reboot, with everything
170 * shutting down. But if there is a chance of
171 * rebooting the system it will be rebooted.
172 */
173 emergency_restart();
174 }
175 #ifdef __sparc__
176 {
177 extern int stop_a_enabled;
178 /* Make sure the user can actually press Stop-A (L1-A) */
179 stop_a_enabled = 1;
180 pr_emerg("Press Stop-A (L1-A) to return to the boot prom\n");
181 }
182 #endif
183 #if defined(CONFIG_S390)
184 {
185 unsigned long caller;
186
187 caller = (unsigned long)__builtin_return_address(0);
188 disabled_wait(caller);
189 }
190 #endif
191 pr_emerg("---[ end Kernel panic - not syncing: %s\n", buf);
192 local_irq_enable();
193 for (i = 0; ; i += PANIC_TIMER_STEP) {
194 touch_softlockup_watchdog();
195 if (i >= i_next) {
196 i += panic_blink(state ^= 1);
197 i_next = i + 3600 / PANIC_BLINK_SPD;
198 }
199 mdelay(PANIC_TIMER_STEP);
200 }
201 }
202
203 EXPORT_SYMBOL(panic);
204
205
206 struct tnt {
207 u8 bit;
208 char true;
209 char false;
210 };
211
212 static const struct tnt tnts[] = {
213 { TAINT_PROPRIETARY_MODULE, 'P', 'G' },
214 { TAINT_FORCED_MODULE, 'F', ' ' },
215 { TAINT_CPU_OUT_OF_SPEC, 'S', ' ' },
216 { TAINT_FORCED_RMMOD, 'R', ' ' },
217 { TAINT_MACHINE_CHECK, 'M', ' ' },
218 { TAINT_BAD_PAGE, 'B', ' ' },
219 { TAINT_USER, 'U', ' ' },
220 { TAINT_DIE, 'D', ' ' },
221 { TAINT_OVERRIDDEN_ACPI_TABLE, 'A', ' ' },
222 { TAINT_WARN, 'W', ' ' },
223 { TAINT_CRAP, 'C', ' ' },
224 { TAINT_FIRMWARE_WORKAROUND, 'I', ' ' },
225 { TAINT_OOT_MODULE, 'O', ' ' },
226 { TAINT_UNSIGNED_MODULE, 'E', ' ' },
227 };
228
229 /**
230 * print_tainted - return a string to represent the kernel taint state.
231 *
232 * 'P' - Proprietary module has been loaded.
233 * 'F' - Module has been forcibly loaded.
234 * 'S' - SMP with CPUs not designed for SMP.
235 * 'R' - User forced a module unload.
236 * 'M' - System experienced a machine check exception.
237 * 'B' - System has hit bad_page.
238 * 'U' - Userspace-defined naughtiness.
239 * 'D' - Kernel has oopsed before
240 * 'A' - ACPI table overridden.
241 * 'W' - Taint on warning.
242 * 'C' - modules from drivers/staging are loaded.
243 * 'I' - Working around severe firmware bug.
244 * 'O' - Out-of-tree module has been loaded.
245 * 'E' - Unsigned module has been loaded.
246 *
247 * The string is overwritten by the next call to print_tainted().
248 */
249 const char *print_tainted(void)
250 {
251 static char buf[ARRAY_SIZE(tnts) + sizeof("Tainted: ")];
252
253 if (tainted_mask) {
254 char *s;
255 int i;
256
257 s = buf + sprintf(buf, "Tainted: ");
258 for (i = 0; i < ARRAY_SIZE(tnts); i++) {
259 const struct tnt *t = &tnts[i];
260 *s++ = test_bit(t->bit, &tainted_mask) ?
261 t->true : t->false;
262 }
263 *s = 0;
264 } else
265 snprintf(buf, sizeof(buf), "Not tainted");
266
267 return buf;
268 }
269
270 int test_taint(unsigned flag)
271 {
272 return test_bit(flag, &tainted_mask);
273 }
274 EXPORT_SYMBOL(test_taint);
275
276 unsigned long get_taint(void)
277 {
278 return tainted_mask;
279 }
280
281 /**
282 * add_taint: add a taint flag if not already set.
283 * @flag: one of the TAINT_* constants.
284 * @lockdep_ok: whether lock debugging is still OK.
285 *
286 * If something bad has gone wrong, you'll want @lockdebug_ok = false, but for
287 * some notewortht-but-not-corrupting cases, it can be set to true.
288 */
289 void add_taint(unsigned flag, enum lockdep_ok lockdep_ok)
290 {
291 if (lockdep_ok == LOCKDEP_NOW_UNRELIABLE && __debug_locks_off())
292 pr_warn("Disabling lock debugging due to kernel taint\n");
293
294 set_bit(flag, &tainted_mask);
295 }
296 EXPORT_SYMBOL(add_taint);
297
298 static void spin_msec(int msecs)
299 {
300 int i;
301
302 for (i = 0; i < msecs; i++) {
303 touch_nmi_watchdog();
304 mdelay(1);
305 }
306 }
307
308 /*
309 * It just happens that oops_enter() and oops_exit() are identically
310 * implemented...
311 */
312 static void do_oops_enter_exit(void)
313 {
314 unsigned long flags;
315 static int spin_counter;
316
317 if (!pause_on_oops)
318 return;
319
320 spin_lock_irqsave(&pause_on_oops_lock, flags);
321 if (pause_on_oops_flag == 0) {
322 /* This CPU may now print the oops message */
323 pause_on_oops_flag = 1;
324 } else {
325 /* We need to stall this CPU */
326 if (!spin_counter) {
327 /* This CPU gets to do the counting */
328 spin_counter = pause_on_oops;
329 do {
330 spin_unlock(&pause_on_oops_lock);
331 spin_msec(MSEC_PER_SEC);
332 spin_lock(&pause_on_oops_lock);
333 } while (--spin_counter);
334 pause_on_oops_flag = 0;
335 } else {
336 /* This CPU waits for a different one */
337 while (spin_counter) {
338 spin_unlock(&pause_on_oops_lock);
339 spin_msec(1);
340 spin_lock(&pause_on_oops_lock);
341 }
342 }
343 }
344 spin_unlock_irqrestore(&pause_on_oops_lock, flags);
345 }
346
347 /*
348 * Return true if the calling CPU is allowed to print oops-related info.
349 * This is a bit racy..
350 */
351 int oops_may_print(void)
352 {
353 return pause_on_oops_flag == 0;
354 }
355
356 /*
357 * Called when the architecture enters its oops handler, before it prints
358 * anything. If this is the first CPU to oops, and it's oopsing the first
359 * time then let it proceed.
360 *
361 * This is all enabled by the pause_on_oops kernel boot option. We do all
362 * this to ensure that oopses don't scroll off the screen. It has the
363 * side-effect of preventing later-oopsing CPUs from mucking up the display,
364 * too.
365 *
366 * It turns out that the CPU which is allowed to print ends up pausing for
367 * the right duration, whereas all the other CPUs pause for twice as long:
368 * once in oops_enter(), once in oops_exit().
369 */
370 void oops_enter(void)
371 {
372 tracing_off();
373 /* can't trust the integrity of the kernel anymore: */
374 debug_locks_off();
375 do_oops_enter_exit();
376 }
377
378 /*
379 * 64-bit random ID for oopses:
380 */
381 static u64 oops_id;
382
383 static int init_oops_id(void)
384 {
385 if (!oops_id)
386 get_random_bytes(&oops_id, sizeof(oops_id));
387 else
388 oops_id++;
389
390 return 0;
391 }
392 late_initcall(init_oops_id);
393
394 void print_oops_end_marker(void)
395 {
396 init_oops_id();
397 pr_warn("---[ end trace %016llx ]---\n", (unsigned long long)oops_id);
398 }
399
400 /*
401 * Called when the architecture exits its oops handler, after printing
402 * everything.
403 */
404 void oops_exit(void)
405 {
406 do_oops_enter_exit();
407 print_oops_end_marker();
408 kmsg_dump(KMSG_DUMP_OOPS);
409 }
410
411 #ifdef WANT_WARN_ON_SLOWPATH
412 struct slowpath_args {
413 const char *fmt;
414 va_list args;
415 };
416
417 static void warn_slowpath_common(const char *file, int line, void *caller,
418 unsigned taint, struct slowpath_args *args)
419 {
420 disable_trace_on_warning();
421
422 pr_warn("------------[ cut here ]------------\n");
423 pr_warn("WARNING: CPU: %d PID: %d at %s:%d %pS()\n",
424 raw_smp_processor_id(), current->pid, file, line, caller);
425
426 if (args)
427 vprintk(args->fmt, args->args);
428
429 print_modules();
430 dump_stack();
431 print_oops_end_marker();
432 /* Just a warning, don't kill lockdep. */
433 add_taint(taint, LOCKDEP_STILL_OK);
434 }
435
436 void warn_slowpath_fmt(const char *file, int line, const char *fmt, ...)
437 {
438 struct slowpath_args args;
439
440 args.fmt = fmt;
441 va_start(args.args, fmt);
442 warn_slowpath_common(file, line, __builtin_return_address(0),
443 TAINT_WARN, &args);
444 va_end(args.args);
445 }
446 EXPORT_SYMBOL(warn_slowpath_fmt);
447
448 void warn_slowpath_fmt_taint(const char *file, int line,
449 unsigned taint, const char *fmt, ...)
450 {
451 struct slowpath_args args;
452
453 args.fmt = fmt;
454 va_start(args.args, fmt);
455 warn_slowpath_common(file, line, __builtin_return_address(0),
456 taint, &args);
457 va_end(args.args);
458 }
459 EXPORT_SYMBOL(warn_slowpath_fmt_taint);
460
461 void warn_slowpath_null(const char *file, int line)
462 {
463 warn_slowpath_common(file, line, __builtin_return_address(0),
464 TAINT_WARN, NULL);
465 }
466 EXPORT_SYMBOL(warn_slowpath_null);
467 #endif
468
469 #ifdef CONFIG_CC_STACKPROTECTOR
470
471 /*
472 * Called when gcc's -fstack-protector feature is used, and
473 * gcc detects corruption of the on-stack canary value
474 */
475 __visible void __stack_chk_fail(void)
476 {
477 panic("stack-protector: Kernel stack is corrupted in: %p\n",
478 __builtin_return_address(0));
479 }
480 EXPORT_SYMBOL(__stack_chk_fail);
481
482 #endif
483
484 core_param(panic, panic_timeout, int, 0644);
485 core_param(pause_on_oops, pause_on_oops, int, 0644);
486
487 static int __init setup_crash_kexec_post_notifiers(char *s)
488 {
489 crash_kexec_post_notifiers = true;
490 return 0;
491 }
492 early_param("crash_kexec_post_notifiers", setup_crash_kexec_post_notifiers);
493
494 static int __init oops_setup(char *s)
495 {
496 if (!s)
497 return -EINVAL;
498 if (!strcmp(s, "panic"))
499 panic_on_oops = 1;
500 return 0;
501 }
502 early_param("oops", oops_setup);
ubuntu-zesty-kernel mirror