On 4/17/23 21:37, Ming Lei wrote:
> On Mon, Apr 17, 2023 at 04:06:53PM -0700, Bart Van Assche wrote:
>> System shutdown happens as follows (see e.g. the systemd source file
>> src/shutdown/shutdown.c):
>> * sync() is called.
>> * reboot(RB_AUTOBOOT/RB_HALT_SYSTEM/RB_POWER_OFF) is called.
>> * If the reboot() system call returns, log an error message.
>>
>> The reboot() system call causes the kernel to call kernel_restart(),
>> kernel_halt() or kernel_power_off(). Each of these functions calls
>> device_shutdown(). device_shutdown() calls sd_shutdown(). After
>> sd_shutdown() has been called the .shutdown() callback of the LLD
>> will be called. Hence, I/O submitted after sd_shutdown() will hang or
>> may even cause a kernel crash.
>>
>> Let sd_shutdown() fail future I/O such that LLD .shutdown() callbacks
>> can be simplified.
>
> Hi Bart,
>
> Last time you mentioned that the current way may have a kernel panic risk, but
> you never explained the panic. Can you document the panic in the commit log?

Hi Ming,
I removed the references to the risk of a kernel panic since I think
that shutdown methods should not introduce that risk. From
include/device/bus.h:
* @shutdown: Called at shut-down time to quiesce the device.
That comment says "quiesce the device". It does not say that it is
allowed to crash the system if more I/O is submitted to the device.
Thanks,
Bart.