LCOV - code coverage report
Current view: top level - kernel - panic.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 46 184 25.0 %
Date: 2023-08-24 13:40:31 Functions: 8 24 33.3 %

          Line data    Source code
       1             : // SPDX-License-Identifier: GPL-2.0-only
       2             : /*
       3             :  *  linux/kernel/panic.c
       4             :  *
       5             :  *  Copyright (C) 1991, 1992  Linus Torvalds
       6             :  */
       7             : 
       8             : /*
       9             :  * This function is used through-out the kernel (including mm and fs)
      10             :  * to indicate a major problem.
      11             :  */
      12             : #include <linux/debug_locks.h>
      13             : #include <linux/sched/debug.h>
      14             : #include <linux/interrupt.h>
      15             : #include <linux/kgdb.h>
      16             : #include <linux/kmsg_dump.h>
      17             : #include <linux/kallsyms.h>
      18             : #include <linux/notifier.h>
      19             : #include <linux/vt_kern.h>
      20             : #include <linux/module.h>
      21             : #include <linux/random.h>
      22             : #include <linux/ftrace.h>
      23             : #include <linux/reboot.h>
      24             : #include <linux/delay.h>
      25             : #include <linux/kexec.h>
      26             : #include <linux/panic_notifier.h>
      27             : #include <linux/sched.h>
      28             : #include <linux/string_helpers.h>
      29             : #include <linux/sysrq.h>
      30             : #include <linux/init.h>
      31             : #include <linux/nmi.h>
      32             : #include <linux/console.h>
      33             : #include <linux/bug.h>
      34             : #include <linux/ratelimit.h>
      35             : #include <linux/debugfs.h>
      36             : #include <linux/sysfs.h>
      37             : #include <linux/context_tracking.h>
      38             : #include <trace/events/error_report.h>
      39             : #include <asm/sections.h>
      40             : 
      41             : #define PANIC_TIMER_STEP 100
      42             : #define PANIC_BLINK_SPD 18
      43             : 
      44             : #ifdef CONFIG_SMP
      45             : /*
      46             :  * Should we dump all CPUs backtraces in an oops event?
      47             :  * Defaults to 0, can be changed via sysctl.
      48             :  */
      49             : static unsigned int __read_mostly sysctl_oops_all_cpu_backtrace;
      50             : #else
      51             : #define sysctl_oops_all_cpu_backtrace 0
      52             : #endif /* CONFIG_SMP */
      53             : 
      54             : int panic_on_oops = CONFIG_PANIC_ON_OOPS_VALUE;
      55             : static unsigned long tainted_mask =
      56             :         IS_ENABLED(CONFIG_RANDSTRUCT) ? (1 << TAINT_RANDSTRUCT) : 0;
      57             : static int pause_on_oops;
      58             : static int pause_on_oops_flag;
      59             : static DEFINE_SPINLOCK(pause_on_oops_lock);
      60             : bool crash_kexec_post_notifiers;
      61             : int panic_on_warn __read_mostly;
      62             : unsigned long panic_on_taint;
      63             : bool panic_on_taint_nousertaint = false;
      64             : static unsigned int warn_limit __read_mostly;
      65             : 
      66             : int panic_timeout = CONFIG_PANIC_TIMEOUT;
      67             : EXPORT_SYMBOL_GPL(panic_timeout);
      68             : 
      69             : #define PANIC_PRINT_TASK_INFO           0x00000001
      70             : #define PANIC_PRINT_MEM_INFO            0x00000002
      71             : #define PANIC_PRINT_TIMER_INFO          0x00000004
      72             : #define PANIC_PRINT_LOCK_INFO           0x00000008
      73             : #define PANIC_PRINT_FTRACE_INFO         0x00000010
      74             : #define PANIC_PRINT_ALL_PRINTK_MSG      0x00000020
      75             : #define PANIC_PRINT_ALL_CPU_BT          0x00000040
      76             : unsigned long panic_print;
      77             : 
      78             : ATOMIC_NOTIFIER_HEAD(panic_notifier_list);
      79             : 
      80             : EXPORT_SYMBOL(panic_notifier_list);
      81             : 
      82             : #ifdef CONFIG_SYSCTL
      83             : static struct ctl_table kern_panic_table[] = {
      84             : #ifdef CONFIG_SMP
      85             :         {
      86             :                 .procname       = "oops_all_cpu_backtrace",
      87             :                 .data           = &sysctl_oops_all_cpu_backtrace,
      88             :                 .maxlen         = sizeof(int),
      89             :                 .mode           = 0644,
      90             :                 .proc_handler   = proc_dointvec_minmax,
      91             :                 .extra1         = SYSCTL_ZERO,
      92             :                 .extra2         = SYSCTL_ONE,
      93             :         },
      94             : #endif
      95             :         {
      96             :                 .procname       = "warn_limit",
      97             :                 .data           = &warn_limit,
      98             :                 .maxlen         = sizeof(warn_limit),
      99             :                 .mode           = 0644,
     100             :                 .proc_handler   = proc_douintvec,
     101             :         },
     102             :         { }
     103             : };
     104             : 
     105           1 : static __init int kernel_panic_sysctls_init(void)
     106             : {
     107           1 :         register_sysctl_init("kernel", kern_panic_table);
     108           1 :         return 0;
     109             : }
     110             : late_initcall(kernel_panic_sysctls_init);
     111             : #endif
     112             : 
     113             : static atomic_t warn_count = ATOMIC_INIT(0);
     114             : 
     115             : #ifdef CONFIG_SYSFS
     116           0 : static ssize_t warn_count_show(struct kobject *kobj, struct kobj_attribute *attr,
     117             :                                char *page)
     118             : {
     119           0 :         return sysfs_emit(page, "%d\n", atomic_read(&warn_count));
     120             : }
     121             : 
     122             : static struct kobj_attribute warn_count_attr = __ATTR_RO(warn_count);
     123             : 
     124           1 : static __init int kernel_panic_sysfs_init(void)
     125             : {
     126           1 :         sysfs_add_file_to_group(kernel_kobj, &warn_count_attr.attr, NULL);
     127           1 :         return 0;
     128             : }
     129             : late_initcall(kernel_panic_sysfs_init);
     130             : #endif
     131             : 
     132           0 : static long no_blink(int state)
     133             : {
     134           0 :         return 0;
     135             : }
     136             : 
     137             : /* Returns how long it waited in ms */
     138             : long (*panic_blink)(int state);
     139             : EXPORT_SYMBOL(panic_blink);
     140             : 
     141             : /*
     142             :  * Stop ourself in panic -- architecture code may override this
     143             :  */
     144           0 : void __weak __noreturn panic_smp_self_stop(void)
     145             : {
     146             :         while (1)
     147             :                 cpu_relax();
     148             : }
     149             : 
     150             : /*
     151             :  * Stop ourselves in NMI context if another CPU has already panicked. Arch code
     152             :  * may override this to prepare for crash dumping, e.g. save regs info.
     153             :  */
     154           0 : void __weak __noreturn nmi_panic_self_stop(struct pt_regs *regs)
     155             : {
     156           0 :         panic_smp_self_stop();
     157             : }
     158             : 
     159             : /*
     160             :  * Stop other CPUs in panic.  Architecture dependent code may override this
     161             :  * with more suitable version.  For example, if the architecture supports
     162             :  * crash dump, it should save registers of each stopped CPU and disable
     163             :  * per-CPU features such as virtualization extensions.
     164             :  */
     165           0 : void __weak crash_smp_send_stop(void)
     166             : {
     167             :         static int cpus_stopped;
     168             : 
     169             :         /*
     170             :          * This function can be called twice in panic path, but obviously
     171             :          * we execute this only once.
     172             :          */
     173           0 :         if (cpus_stopped)
     174             :                 return;
     175             : 
     176             :         /*
     177             :          * Note smp_send_stop is the usual smp shutdown function, which
     178             :          * unfortunately means it may not be hardened to work in a panic
     179             :          * situation.
     180             :          */
     181             :         smp_send_stop();
     182           0 :         cpus_stopped = 1;
     183             : }
     184             : 
     185             : atomic_t panic_cpu = ATOMIC_INIT(PANIC_CPU_INVALID);
     186             : 
     187             : /*
     188             :  * A variant of panic() called from NMI context. We return if we've already
     189             :  * panicked on this CPU. If another CPU already panicked, loop in
     190             :  * nmi_panic_self_stop() which can provide architecture dependent code such
     191             :  * as saving register state for crash dump.
     192             :  */
     193           0 : void nmi_panic(struct pt_regs *regs, const char *msg)
     194             : {
     195             :         int old_cpu, cpu;
     196             : 
     197           0 :         cpu = raw_smp_processor_id();
     198           0 :         old_cpu = atomic_cmpxchg(&panic_cpu, PANIC_CPU_INVALID, cpu);
     199             : 
     200           0 :         if (old_cpu == PANIC_CPU_INVALID)
     201           0 :                 panic("%s", msg);
     202           0 :         else if (old_cpu != cpu)
     203           0 :                 nmi_panic_self_stop(regs);
     204           0 : }
     205             : EXPORT_SYMBOL(nmi_panic);
     206             : 
     207           0 : static void panic_print_sys_info(bool console_flush)
     208             : {
     209           0 :         if (console_flush) {
     210           0 :                 if (panic_print & PANIC_PRINT_ALL_PRINTK_MSG)
     211           0 :                         console_flush_on_panic(CONSOLE_REPLAY_ALL);
     212             :                 return;
     213             :         }
     214             : 
     215           0 :         if (panic_print & PANIC_PRINT_TASK_INFO)
     216             :                 show_state();
     217             : 
     218           0 :         if (panic_print & PANIC_PRINT_MEM_INFO)
     219             :                 show_mem(0, NULL);
     220             : 
     221           0 :         if (panic_print & PANIC_PRINT_TIMER_INFO)
     222           0 :                 sysrq_timer_list_show();
     223             : 
     224             :         if (panic_print & PANIC_PRINT_LOCK_INFO)
     225             :                 debug_show_all_locks();
     226             : 
     227             :         if (panic_print & PANIC_PRINT_FTRACE_INFO)
     228             :                 ftrace_dump(DUMP_ALL);
     229             : }
     230             : 
     231           1 : void check_panic_on_warn(const char *origin)
     232             : {
     233             :         unsigned int limit;
     234             : 
     235           1 :         if (panic_on_warn)
     236           0 :                 panic("%s: panic_on_warn set ...\n", origin);
     237             : 
     238           1 :         limit = READ_ONCE(warn_limit);
     239           1 :         if (atomic_inc_return(&warn_count) >= limit && limit)
     240           0 :                 panic("%s: system warned too often (kernel.warn_limit is %d)",
     241             :                       origin, limit);
     242           1 : }
     243             : 
     244             : /*
     245             :  * Helper that triggers the NMI backtrace (if set in panic_print)
     246             :  * and then performs the secondary CPUs shutdown - we cannot have
     247             :  * the NMI backtrace after the CPUs are off!
     248             :  */
     249             : static void panic_other_cpus_shutdown(bool crash_kexec)
     250             : {
     251             :         if (panic_print & PANIC_PRINT_ALL_CPU_BT)
     252             :                 trigger_all_cpu_backtrace();
     253             : 
     254             :         /*
     255             :          * Note that smp_send_stop() is the usual SMP shutdown function,
     256             :          * which unfortunately may not be hardened to work in a panic
     257             :          * situation. If we want to do crash dump after notifier calls
     258             :          * and kmsg_dump, we will need architecture dependent extra
     259             :          * bits in addition to stopping other CPUs, hence we rely on
     260             :          * crash_smp_send_stop() for that.
     261             :          */
     262           0 :         if (!crash_kexec)
     263             :                 smp_send_stop();
     264             :         else
     265           0 :                 crash_smp_send_stop();
     266             : }
     267             : 
     268             : /**
     269             :  *      panic - halt the system
     270             :  *      @fmt: The text string to print
     271             :  *
     272             :  *      Display a message, then perform cleanups.
     273             :  *
     274             :  *      This function never returns.
     275             :  */
     276           0 : void panic(const char *fmt, ...)
     277             : {
     278             :         static char buf[1024];
     279             :         va_list args;
     280           0 :         long i, i_next = 0, len;
     281           0 :         int state = 0;
     282             :         int old_cpu, this_cpu;
     283           0 :         bool _crash_kexec_post_notifiers = crash_kexec_post_notifiers;
     284             : 
     285           0 :         if (panic_on_warn) {
     286             :                 /*
     287             :                  * This thread may hit another WARN() in the panic path.
     288             :                  * Resetting this prevents additional WARN() from panicking the
     289             :                  * system on this thread.  Other threads are blocked by the
     290             :                  * panic_mutex in panic().
     291             :                  */
     292           0 :                 panic_on_warn = 0;
     293             :         }
     294             : 
     295             :         /*
     296             :          * Disable local interrupts. This will prevent panic_smp_self_stop
     297             :          * from deadlocking the first cpu that invokes the panic, since
     298             :          * there is nothing to prevent an interrupt handler (that runs
     299             :          * after setting panic_cpu) from invoking panic() again.
     300             :          */
     301             :         local_irq_disable();
     302           0 :         preempt_disable_notrace();
     303             : 
     304             :         /*
     305             :          * It's possible to come here directly from a panic-assertion and
     306             :          * not have preempt disabled. Some functions called from here want
     307             :          * preempt to be disabled. No point enabling it later though...
     308             :          *
     309             :          * Only one CPU is allowed to execute the panic code from here. For
     310             :          * multiple parallel invocations of panic, all other CPUs either
     311             :          * stop themself or will wait until they are stopped by the 1st CPU
     312             :          * with smp_send_stop().
     313             :          *
     314             :          * `old_cpu == PANIC_CPU_INVALID' means this is the 1st CPU which
     315             :          * comes here, so go ahead.
     316             :          * `old_cpu == this_cpu' means we came from nmi_panic() which sets
     317             :          * panic_cpu to this CPU.  In this case, this is also the 1st CPU.
     318             :          */
     319           0 :         this_cpu = raw_smp_processor_id();
     320           0 :         old_cpu  = atomic_cmpxchg(&panic_cpu, PANIC_CPU_INVALID, this_cpu);
     321             : 
     322           0 :         if (old_cpu != PANIC_CPU_INVALID && old_cpu != this_cpu)
     323           0 :                 panic_smp_self_stop();
     324             : 
     325           0 :         console_verbose();
     326           0 :         bust_spinlocks(1);
     327           0 :         va_start(args, fmt);
     328           0 :         len = vscnprintf(buf, sizeof(buf), fmt, args);
     329           0 :         va_end(args);
     330             : 
     331           0 :         if (len && buf[len - 1] == '\n')
     332           0 :                 buf[len - 1] = '\0';
     333             : 
     334           0 :         pr_emerg("Kernel panic - not syncing: %s\n", buf);
     335             : #ifdef CONFIG_DEBUG_BUGVERBOSE
     336             :         /*
     337             :          * Avoid nested stack-dumping if a panic occurs during oops processing
     338             :          */
     339           0 :         if (!test_taint(TAINT_DIE) && oops_in_progress <= 1)
     340           0 :                 dump_stack();
     341             : #endif
     342             : 
     343             :         /*
     344             :          * If kgdb is enabled, give it a chance to run before we stop all
     345             :          * the other CPUs or else we won't be able to debug processes left
     346             :          * running on them.
     347             :          */
     348           0 :         kgdb_panic(buf);
     349             : 
     350             :         /*
     351             :          * If we have crashed and we have a crash kernel loaded let it handle
     352             :          * everything else.
     353             :          * If we want to run this after calling panic_notifiers, pass
     354             :          * the "crash_kexec_post_notifiers" option to the kernel.
     355             :          *
     356             :          * Bypass the panic_cpu check and call __crash_kexec directly.
     357             :          */
     358             :         if (!_crash_kexec_post_notifiers)
     359             :                 __crash_kexec(NULL);
     360             : 
     361           0 :         panic_other_cpus_shutdown(_crash_kexec_post_notifiers);
     362             : 
     363             :         /*
     364             :          * Run any panic handlers, including those that might need to
     365             :          * add information to the kmsg dump output.
     366             :          */
     367           0 :         atomic_notifier_call_chain(&panic_notifier_list, 0, buf);
     368             : 
     369           0 :         panic_print_sys_info(false);
     370             : 
     371           0 :         kmsg_dump(KMSG_DUMP_PANIC);
     372             : 
     373             :         /*
     374             :          * If you doubt kdump always works fine in any situation,
     375             :          * "crash_kexec_post_notifiers" offers you a chance to run
     376             :          * panic_notifiers and dumping kmsg before kdump.
     377             :          * Note: since some panic_notifiers can make crashed kernel
     378             :          * more unstable, it can increase risks of the kdump failure too.
     379             :          *
     380             :          * Bypass the panic_cpu check and call __crash_kexec directly.
     381             :          */
     382             :         if (_crash_kexec_post_notifiers)
     383             :                 __crash_kexec(NULL);
     384             : 
     385           0 :         console_unblank();
     386             : 
     387             :         /*
     388             :          * We may have ended up stopping the CPU holding the lock (in
     389             :          * smp_send_stop()) while still having some valuable data in the console
     390             :          * buffer.  Try to acquire the lock then release it regardless of the
     391             :          * result.  The release will also print the buffers out.  Locks debug
     392             :          * should be disabled to avoid reporting bad unlock balance when
     393             :          * panic() is not being callled from OOPS.
     394             :          */
     395           0 :         debug_locks_off();
     396           0 :         console_flush_on_panic(CONSOLE_FLUSH_PENDING);
     397             : 
     398           0 :         panic_print_sys_info(true);
     399             : 
     400           0 :         if (!panic_blink)
     401           0 :                 panic_blink = no_blink;
     402             : 
     403           0 :         if (panic_timeout > 0) {
     404             :                 /*
     405             :                  * Delay timeout seconds before rebooting the machine.
     406             :                  * We can't use the "normal" timers since we just panicked.
     407             :                  */
     408           0 :                 pr_emerg("Rebooting in %d seconds..\n", panic_timeout);
     409             : 
     410           0 :                 for (i = 0; i < panic_timeout * 1000; i += PANIC_TIMER_STEP) {
     411             :                         touch_nmi_watchdog();
     412           0 :                         if (i >= i_next) {
     413           0 :                                 i += panic_blink(state ^= 1);
     414           0 :                                 i_next = i + 3600 / PANIC_BLINK_SPD;
     415             :                         }
     416           0 :                         mdelay(PANIC_TIMER_STEP);
     417             :                 }
     418             :         }
     419           0 :         if (panic_timeout != 0) {
     420             :                 /*
     421             :                  * This will not be a clean reboot, with everything
     422             :                  * shutting down.  But if there is a chance of
     423             :                  * rebooting the system it will be rebooted.
     424             :                  */
     425           0 :                 if (panic_reboot_mode != REBOOT_UNDEFINED)
     426           0 :                         reboot_mode = panic_reboot_mode;
     427           0 :                 emergency_restart();
     428             :         }
     429             : #ifdef __sparc__
     430             :         {
     431             :                 extern int stop_a_enabled;
     432             :                 /* Make sure the user can actually press Stop-A (L1-A) */
     433             :                 stop_a_enabled = 1;
     434             :                 pr_emerg("Press Stop-A (L1-A) from sun keyboard or send break\n"
     435             :                          "twice on console to return to the boot prom\n");
     436             :         }
     437             : #endif
     438             : #if defined(CONFIG_S390)
     439             :         disabled_wait();
     440             : #endif
     441           0 :         pr_emerg("---[ end Kernel panic - not syncing: %s ]---\n", buf);
     442             : 
     443             :         /* Do not scroll important messages printed above */
     444           0 :         suppress_printk = 1;
     445             :         local_irq_enable();
     446           0 :         for (i = 0; ; i += PANIC_TIMER_STEP) {
     447           0 :                 touch_softlockup_watchdog();
     448           0 :                 if (i >= i_next) {
     449           0 :                         i += panic_blink(state ^= 1);
     450           0 :                         i_next = i + 3600 / PANIC_BLINK_SPD;
     451             :                 }
     452           0 :                 mdelay(PANIC_TIMER_STEP);
     453             :         }
     454             : }
     455             : 
     456             : EXPORT_SYMBOL(panic);
     457             : 
     458             : /*
     459             :  * TAINT_FORCED_RMMOD could be a per-module flag but the module
     460             :  * is being removed anyway.
     461             :  */
     462             : const struct taint_flag taint_flags[TAINT_FLAGS_COUNT] = {
     463             :         [ TAINT_PROPRIETARY_MODULE ]    = { 'P', 'G', true },
     464             :         [ TAINT_FORCED_MODULE ]         = { 'F', ' ', true },
     465             :         [ TAINT_CPU_OUT_OF_SPEC ]       = { 'S', ' ', false },
     466             :         [ TAINT_FORCED_RMMOD ]          = { 'R', ' ', false },
     467             :         [ TAINT_MACHINE_CHECK ]         = { 'M', ' ', false },
     468             :         [ TAINT_BAD_PAGE ]              = { 'B', ' ', false },
     469             :         [ TAINT_USER ]                  = { 'U', ' ', false },
     470             :         [ TAINT_DIE ]                   = { 'D', ' ', false },
     471             :         [ TAINT_OVERRIDDEN_ACPI_TABLE ] = { 'A', ' ', false },
     472             :         [ TAINT_WARN ]                  = { 'W', ' ', false },
     473             :         [ TAINT_CRAP ]                  = { 'C', ' ', true },
     474             :         [ TAINT_FIRMWARE_WORKAROUND ]   = { 'I', ' ', false },
     475             :         [ TAINT_OOT_MODULE ]            = { 'O', ' ', true },
     476             :         [ TAINT_UNSIGNED_MODULE ]       = { 'E', ' ', true },
     477             :         [ TAINT_SOFTLOCKUP ]            = { 'L', ' ', false },
     478             :         [ TAINT_LIVEPATCH ]             = { 'K', ' ', true },
     479             :         [ TAINT_AUX ]                   = { 'X', ' ', true },
     480             :         [ TAINT_RANDSTRUCT ]            = { 'T', ' ', true },
     481             :         [ TAINT_TEST ]                  = { 'N', ' ', true },
     482             : };
     483             : 
     484             : /**
     485             :  * print_tainted - return a string to represent the kernel taint state.
     486             :  *
     487             :  * For individual taint flag meanings, see Documentation/admin-guide/sysctl/kernel.rst
     488             :  *
     489             :  * The string is overwritten by the next call to print_tainted(),
     490             :  * but is always NULL terminated.
     491             :  */
     492           1 : const char *print_tainted(void)
     493             : {
     494             :         static char buf[TAINT_FLAGS_COUNT + sizeof("Tainted: ")];
     495             : 
     496             :         BUILD_BUG_ON(ARRAY_SIZE(taint_flags) != TAINT_FLAGS_COUNT);
     497             : 
     498           1 :         if (tainted_mask) {
     499             :                 char *s;
     500             :                 int i;
     501             : 
     502           0 :                 s = buf + sprintf(buf, "Tainted: ");
     503           0 :                 for (i = 0; i < TAINT_FLAGS_COUNT; i++) {
     504           0 :                         const struct taint_flag *t = &taint_flags[i];
     505           0 :                         *s++ = test_bit(i, &tainted_mask) ?
     506             :                                         t->c_true : t->c_false;
     507             :                 }
     508           0 :                 *s = 0;
     509             :         } else
     510           1 :                 snprintf(buf, sizeof(buf), "Not tainted");
     511             : 
     512           1 :         return buf;
     513             : }
     514             : 
     515           0 : int test_taint(unsigned flag)
     516             : {
     517           0 :         return test_bit(flag, &tainted_mask);
     518             : }
     519             : EXPORT_SYMBOL(test_taint);
     520             : 
     521           0 : unsigned long get_taint(void)
     522             : {
     523           0 :         return tainted_mask;
     524             : }
     525             : 
     526             : /**
     527             :  * add_taint: add a taint flag if not already set.
     528             :  * @flag: one of the TAINT_* constants.
     529             :  * @lockdep_ok: whether lock debugging is still OK.
     530             :  *
     531             :  * If something bad has gone wrong, you'll want @lockdebug_ok = false, but for
     532             :  * some notewortht-but-not-corrupting cases, it can be set to true.
     533             :  */
     534           2 : void add_taint(unsigned flag, enum lockdep_ok lockdep_ok)
     535             : {
     536           2 :         if (lockdep_ok == LOCKDEP_NOW_UNRELIABLE && __debug_locks_off())
     537           0 :                 pr_warn("Disabling lock debugging due to kernel taint\n");
     538             : 
     539           4 :         set_bit(flag, &tainted_mask);
     540             : 
     541           2 :         if (tainted_mask & panic_on_taint) {
     542           0 :                 panic_on_taint = 0;
     543           0 :                 panic("panic_on_taint set ...");
     544             :         }
     545           2 : }
     546             : EXPORT_SYMBOL(add_taint);
     547             : 
     548             : static void spin_msec(int msecs)
     549             : {
     550             :         int i;
     551             : 
     552           0 :         for (i = 0; i < msecs; i++) {
     553           0 :                 touch_nmi_watchdog();
     554           0 :                 mdelay(1);
     555             :         }
     556             : }
     557             : 
     558             : /*
     559             :  * It just happens that oops_enter() and oops_exit() are identically
     560             :  * implemented...
     561             :  */
     562           0 : static void do_oops_enter_exit(void)
     563             : {
     564             :         unsigned long flags;
     565             :         static int spin_counter;
     566             : 
     567           0 :         if (!pause_on_oops)
     568             :                 return;
     569             : 
     570           0 :         spin_lock_irqsave(&pause_on_oops_lock, flags);
     571           0 :         if (pause_on_oops_flag == 0) {
     572             :                 /* This CPU may now print the oops message */
     573           0 :                 pause_on_oops_flag = 1;
     574             :         } else {
     575             :                 /* We need to stall this CPU */
     576           0 :                 if (!spin_counter) {
     577             :                         /* This CPU gets to do the counting */
     578           0 :                         spin_counter = pause_on_oops;
     579             :                         do {
     580             :                                 spin_unlock(&pause_on_oops_lock);
     581           0 :                                 spin_msec(MSEC_PER_SEC);
     582           0 :                                 spin_lock(&pause_on_oops_lock);
     583           0 :                         } while (--spin_counter);
     584           0 :                         pause_on_oops_flag = 0;
     585             :                 } else {
     586             :                         /* This CPU waits for a different one */
     587           0 :                         while (spin_counter) {
     588           0 :                                 spin_unlock(&pause_on_oops_lock);
     589           0 :                                 spin_msec(1);
     590             :                                 spin_lock(&pause_on_oops_lock);
     591             :                         }
     592             :                 }
     593             :         }
     594             :         spin_unlock_irqrestore(&pause_on_oops_lock, flags);
     595             : }
     596             : 
     597             : /*
     598             :  * Return true if the calling CPU is allowed to print oops-related info.
     599             :  * This is a bit racy..
     600             :  */
     601           0 : bool oops_may_print(void)
     602             : {
     603           0 :         return pause_on_oops_flag == 0;
     604             : }
     605             : 
     606             : /*
     607             :  * Called when the architecture enters its oops handler, before it prints
     608             :  * anything.  If this is the first CPU to oops, and it's oopsing the first
     609             :  * time then let it proceed.
     610             :  *
     611             :  * This is all enabled by the pause_on_oops kernel boot option.  We do all
     612             :  * this to ensure that oopses don't scroll off the screen.  It has the
     613             :  * side-effect of preventing later-oopsing CPUs from mucking up the display,
     614             :  * too.
     615             :  *
     616             :  * It turns out that the CPU which is allowed to print ends up pausing for
     617             :  * the right duration, whereas all the other CPUs pause for twice as long:
     618             :  * once in oops_enter(), once in oops_exit().
     619             :  */
     620           0 : void oops_enter(void)
     621             : {
     622             :         tracing_off();
     623             :         /* can't trust the integrity of the kernel anymore: */
     624           0 :         debug_locks_off();
     625           0 :         do_oops_enter_exit();
     626             : 
     627             :         if (sysctl_oops_all_cpu_backtrace)
     628             :                 trigger_all_cpu_backtrace();
     629           0 : }
     630             : 
     631             : static void print_oops_end_marker(void)
     632             : {
     633           1 :         pr_warn("---[ end trace %016llx ]---\n", 0ULL);
     634             : }
     635             : 
     636             : /*
     637             :  * Called when the architecture exits its oops handler, after printing
     638             :  * everything.
     639             :  */
     640           0 : void oops_exit(void)
     641             : {
     642           0 :         do_oops_enter_exit();
     643             :         print_oops_end_marker();
     644           0 :         kmsg_dump(KMSG_DUMP_OOPS);
     645           0 : }
     646             : 
     647             : struct warn_args {
     648             :         const char *fmt;
     649             :         va_list args;
     650             : };
     651             : 
     652           1 : void __warn(const char *file, int line, void *caller, unsigned taint,
     653             :             struct pt_regs *regs, struct warn_args *args)
     654             : {
     655             :         disable_trace_on_warning();
     656             : 
     657           1 :         if (file)
     658           1 :                 pr_warn("WARNING: CPU: %d PID: %d at %s:%d %pS\n",
     659             :                         raw_smp_processor_id(), current->pid, file, line,
     660             :                         caller);
     661             :         else
     662           0 :                 pr_warn("WARNING: CPU: %d PID: %d at %pS\n",
     663             :                         raw_smp_processor_id(), current->pid, caller);
     664             : 
     665           1 :         if (args)
     666           1 :                 vprintk(args->fmt, args->args);
     667             : 
     668             :         print_modules();
     669             : 
     670           1 :         if (regs)
     671           0 :                 show_regs(regs);
     672             : 
     673           1 :         check_panic_on_warn("kernel");
     674             : 
     675           1 :         if (!regs)
     676           1 :                 dump_stack();
     677             : 
     678           1 :         print_irqtrace_events(current);
     679             : 
     680             :         print_oops_end_marker();
     681           1 :         trace_error_report_end(ERROR_DETECTOR_WARN, (unsigned long)caller);
     682             : 
     683             :         /* Just a warning, don't kill lockdep. */
     684           1 :         add_taint(taint, LOCKDEP_STILL_OK);
     685           1 : }
     686             : 
     687             : #ifdef CONFIG_BUG
     688             : #ifndef __WARN_FLAGS
     689           1 : void warn_slowpath_fmt(const char *file, int line, unsigned taint,
     690             :                        const char *fmt, ...)
     691             : {
     692           1 :         bool rcu = warn_rcu_enter();
     693             :         struct warn_args args;
     694             : 
     695           1 :         pr_warn(CUT_HERE);
     696             : 
     697           1 :         if (!fmt) {
     698           0 :                 __warn(file, line, __builtin_return_address(0), taint,
     699             :                        NULL, NULL);
     700           0 :                 return;
     701             :         }
     702             : 
     703           1 :         args.fmt = fmt;
     704           1 :         va_start(args.args, fmt);
     705           1 :         __warn(file, line, __builtin_return_address(0), taint, NULL, &args);
     706           1 :         va_end(args.args);
     707           1 :         warn_rcu_exit(rcu);
     708             : }
     709             : EXPORT_SYMBOL(warn_slowpath_fmt);
     710             : #else
     711             : void __warn_printk(const char *fmt, ...)
     712             : {
     713             :         bool rcu = warn_rcu_enter();
     714             :         va_list args;
     715             : 
     716             :         pr_warn(CUT_HERE);
     717             : 
     718             :         va_start(args, fmt);
     719             :         vprintk(fmt, args);
     720             :         va_end(args);
     721             :         warn_rcu_exit(rcu);
     722             : }
     723             : EXPORT_SYMBOL(__warn_printk);
     724             : #endif
     725             : 
     726             : /* Support resetting WARN*_ONCE state */
     727             : 
     728             : static int clear_warn_once_set(void *data, u64 val)
     729             : {
     730             :         generic_bug_clear_once();
     731             :         memset(__start_once, 0, __end_once - __start_once);
     732             :         return 0;
     733             : }
     734             : 
     735             : DEFINE_DEBUGFS_ATTRIBUTE(clear_warn_once_fops, NULL, clear_warn_once_set,
     736             :                          "%lld\n");
     737             : 
     738           1 : static __init int register_warn_debugfs(void)
     739             : {
     740             :         /* Don't care about failure */
     741           1 :         debugfs_create_file_unsafe("clear_warn_once", 0200, NULL, NULL,
     742             :                                    &clear_warn_once_fops);
     743           1 :         return 0;
     744             : }
     745             : 
     746             : device_initcall(register_warn_debugfs);
     747             : #endif
     748             : 
     749             : #ifdef CONFIG_STACKPROTECTOR
     750             : 
     751             : /*
     752             :  * Called when gcc's -fstack-protector feature is used, and
     753             :  * gcc detects corruption of the on-stack canary value
     754             :  */
     755             : __visible noinstr void __stack_chk_fail(void)
     756             : {
     757             :         instrumentation_begin();
     758             :         panic("stack-protector: Kernel stack is corrupted in: %pB",
     759             :                 __builtin_return_address(0));
     760             :         instrumentation_end();
     761             : }
     762             : EXPORT_SYMBOL(__stack_chk_fail);
     763             : 
     764             : #endif
     765             : 
     766             : core_param(panic, panic_timeout, int, 0644);
     767             : core_param(panic_print, panic_print, ulong, 0644);
     768             : core_param(pause_on_oops, pause_on_oops, int, 0644);
     769             : core_param(panic_on_warn, panic_on_warn, int, 0644);
     770             : core_param(crash_kexec_post_notifiers, crash_kexec_post_notifiers, bool, 0644);
     771             : 
     772           0 : static int __init oops_setup(char *s)
     773             : {
     774           0 :         if (!s)
     775             :                 return -EINVAL;
     776           0 :         if (!strcmp(s, "panic"))
     777           0 :                 panic_on_oops = 1;
     778             :         return 0;
     779             : }
     780             : early_param("oops", oops_setup);
     781             : 
     782           0 : static int __init panic_on_taint_setup(char *s)
     783             : {
     784             :         char *taint_str;
     785             : 
     786           0 :         if (!s)
     787             :                 return -EINVAL;
     788             : 
     789           0 :         taint_str = strsep(&s, ",");
     790           0 :         if (kstrtoul(taint_str, 16, &panic_on_taint))
     791             :                 return -EINVAL;
     792             : 
     793             :         /* make sure panic_on_taint doesn't hold out-of-range TAINT flags */
     794           0 :         panic_on_taint &= TAINT_FLAGS_MAX;
     795             : 
     796           0 :         if (!panic_on_taint)
     797             :                 return -EINVAL;
     798             : 
     799           0 :         if (s && !strcmp(s, "nousertaint"))
     800           0 :                 panic_on_taint_nousertaint = true;
     801             : 
     802           0 :         pr_info("panic_on_taint: bitmask=0x%lx nousertaint_mode=%s\n",
     803             :                 panic_on_taint, str_enabled_disabled(panic_on_taint_nousertaint));
     804             : 
     805           0 :         return 0;
     806             : }
     807             : early_param("panic_on_taint", panic_on_taint_setup);

Generated by: LCOV version 1.14