The branch main has been updated by mhorne:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=4eb861d362d6a9493df7f77eab8e28f9c826702a

commit 4eb861d362d6a9493df7f77eab8e28f9c826702a
Author:     Mitchell Horne <mho...@freebsd.org>
AuthorDate: 2023-11-23 15:58:27 +0000
Commit:     Mitchell Horne <mho...@freebsd.org>
CommitDate: 2023-11-23 16:07:42 +0000

    shutdown: audit shutdown_post_sync event callbacks
    
    Ensure they are all panic/debugger safe.
    
    Most handlers for this event are for disk drivers/geom modules. There
    are a mix of checks being used here (or not), so let's standardize on
    checking the presence of the RB_NOSYNC flag.
    
    This flag is set whenever:
     1. The kernel has panicked and kern.sync_on_panic=0*
     2. We reboot from within the kernel debugger (the "reset" command)
     3. Userspace requested it, e.g. by 'reboot -n'
    
    Name the functions consistently.
    
    *This sysctl is tuned to zero by default, but its existence means that
    these handlers can be executed after a panic, at the user's discretion.
    IMO this use-case is implicitly understood to be risky, and we'd be
    better off eliminating it altogether.
    
    Reviewed by:    markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D42337
---
 sys/dev/iscsi/iscsi.c        | 8 +++++---
 sys/geom/journal/g_journal.c | 8 +++++---
 sys/geom/mirror/g_mirror.c   | 3 ++-
 sys/geom/raid/g_raid.c       | 4 ++++
 sys/geom/raid3/g_raid3.c     | 4 ++++
 5 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/sys/dev/iscsi/iscsi.c b/sys/dev/iscsi/iscsi.c
index ecf4fe21a165..311b339caf7a 100644
--- a/sys/dev/iscsi/iscsi.c
+++ b/sys/dev/iscsi/iscsi.c
@@ -44,11 +44,13 @@
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/module.h>
+#include <sys/reboot.h>
 #include <sys/socket.h>
 #include <sys/sockopt.h>
 #include <sys/sysctl.h>
 #include <sys/systm.h>
 #include <sys/sx.h>
+
 #include <vm/uma.h>
 
 #include <cam/cam.h>
@@ -2711,10 +2713,10 @@ iscsi_shutdown_pre(struct iscsi_softc *sc)
 }
 
 static void
-iscsi_shutdown_post(struct iscsi_softc *sc)
+iscsi_shutdown_post_sync(struct iscsi_softc *sc, int howto)
 {
 
-       if (!KERNEL_PANICKED()) {
+       if ((howto & RB_NOSYNC) == 0) {
                ISCSI_DEBUG("removing all sessions due to shutdown");
                iscsi_terminate_sessions(sc);
        }
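Review bot: The guard `if ((howto & RB_NOSYNC) == 0)` no longer excludes a panicked kernel on its own. Per the commit message, RB_NOSYNC is set on panic only when kern.sync_on_panic=0, so with that sysctl enabled iscsi_terminate_sessions() now runs in panic context, which the old `!KERNEL_PANICKED()` test prevented. If that call can block waiting for sessions to go away (its body is not visible here), keeping both conditions would preserve the old guarantee: `if (!KERNEL_PANICKED() && (howto & RB_NOSYNC) == 0) {`. The same narrowing applies to the replaced checks in g_journal_shutdown_post_sync and g_mirror_shutdown_post_sync; if it is intended, a comment such as `/* RB_NOSYNC: panic with sync_on_panic=0, debugger reset, or reboot -n */` above each check would record why. The function's closing brace lies outside this hunk.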
@@ -2751,7 +2753,7 @@ iscsi_load(void)
         * cam_periph_runccb().
         */
        sc->sc_shutdown_post_eh = EVENTHANDLER_REGISTER(shutdown_post_sync,
-           iscsi_shutdown_post, sc, SHUTDOWN_PRI_DEFAULT - 1);
+           iscsi_shutdown_post_sync, sc, SHUTDOWN_PRI_DEFAULT - 1);
 
        return (0);
 }
diff --git a/sys/geom/journal/g_journal.c b/sys/geom/journal/g_journal.c
index 147e83cc7e21..11a75e541fda 100644
--- a/sys/geom/journal/g_journal.c
+++ b/sys/geom/journal/g_journal.c
@@ -39,6 +39,7 @@
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
+#include <sys/reboot.h>
 #include <sys/sbuf.h>
 #include <sys/sched.h>
 #include <sys/sysctl.h>
@@ -2655,13 +2656,14 @@ static eventhandler_tag g_journal_event_shutdown = NULL;
 static eventhandler_tag g_journal_event_lowmem = NULL;
 
 static void
-g_journal_shutdown(void *arg, int howto __unused)
+g_journal_shutdown_post_sync(void *arg, int howto)
 {
        struct g_class *mp;
        struct g_geom *gp, *gp2;
 
-       if (KERNEL_PANICKED())
+       if ((howto & RB_NOSYNC) != 0)
                return;
+
        mp = arg;
        g_topology_lock();
        LIST_FOREACH_SAFE(gp, &mp->geom, geom, gp2) {
@@ -2738,7 +2740,7 @@ g_journal_init(struct g_class *mp)
                    (g_journal_cache_limit / 100) * g_journal_cache_switch;
        }
        g_journal_event_shutdown = EVENTHANDLER_REGISTER(shutdown_post_sync,
-           g_journal_shutdown, mp, EVENTHANDLER_PRI_FIRST);
+           g_journal_shutdown_post_sync, mp, EVENTHANDLER_PRI_FIRST);
        if (g_journal_event_shutdown == NULL)
                GJ_DEBUG(0, "Warning! Cannot register shutdown event.");
        g_journal_event_lowmem = EVENTHANDLER_REGISTER(vm_lowmem,
diff --git a/sys/geom/mirror/g_mirror.c b/sys/geom/mirror/g_mirror.c
index b2bcea2f0dbb..c6f95f28ba89 100644
--- a/sys/geom/mirror/g_mirror.c
+++ b/sys/geom/mirror/g_mirror.c
@@ -39,6 +39,7 @@
 #include <sys/malloc.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
+#include <sys/reboot.h>
 #include <sys/sbuf.h>
 #include <sys/sched.h>
 #include <sys/sx.h>
@@ -3546,7 +3547,7 @@ g_mirror_shutdown_post_sync(void *arg, int howto)
        struct g_mirror_softc *sc;
        int error;
 
-       if (KERNEL_PANICKED())
+       if ((howto & RB_NOSYNC) != 0)
                return;
 
        mp = arg;
diff --git a/sys/geom/raid/g_raid.c b/sys/geom/raid/g_raid.c
index 437cef416ca3..6938491d696c 100644
--- a/sys/geom/raid/g_raid.c
+++ b/sys/geom/raid/g_raid.c
@@ -38,6 +38,7 @@
 #include <sys/module.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
+#include <sys/reboot.h>
 #include <sys/sbuf.h>
 #include <sys/sched.h>
 #include <sys/sysctl.h>
@@ -2457,6 +2458,9 @@ g_raid_shutdown_post_sync(void *arg, int howto)
        struct g_raid_softc *sc;
        struct g_raid_volume *vol;
 
+       if ((howto & RB_NOSYNC) != 0)
+               return;
+
        mp = arg;
        g_topology_lock();
        g_raid_shutdown = 1;
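Review bot: The new early return in g_raid_shutdown_post_sync also fires for a userspace `reboot -n`, not only for a panic or debugger reset, and it sits before `g_raid_shutdown = 1`, so none of the handler's shutdown work happens on that path. The rest of the handler is outside the hunk, but if it is what stops the volumes and marks them clean, a healthy array will presumably come up dirty after `reboot -n`, which was not the case before this change. That trade-off should be stated in a comment above the check, e.g. `/* Skip on RB_NOSYNC (panic, ddb reset, reboot -n): volumes are left untouched. */`. The identical check added to g_raid3_shutdown_post_sync deserves the same comment.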
diff --git a/sys/geom/raid3/g_raid3.c b/sys/geom/raid3/g_raid3.c
index 8f12f14cf09b..721610cefbec 100644
--- a/sys/geom/raid3/g_raid3.c
+++ b/sys/geom/raid3/g_raid3.c
@@ -38,6 +38,7 @@
 #include <sys/module.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
+#include <sys/reboot.h>
 #include <sys/sbuf.h>
 #include <sys/sched.h>
 #include <sys/sysctl.h>
@@ -3573,6 +3574,9 @@ g_raid3_shutdown_post_sync(void *arg, int howto)
        struct g_raid3_softc *sc;
        int error;
 
+       if ((howto & RB_NOSYNC) != 0)
+               return;
+
        mp = arg;
        g_topology_lock();
        g_raid3_shutdown = 1;
