On Mon, 2023-04-17 at 16:06 -0700, Bart Van Assche wrote:
> System shutdown happens as follows (see e.g. the systemd source file
> src/shutdown/shutdown.c):
> * sync() is called.
> * reboot(RB_AUTOBOOT/RB_HALT_SYSTEM/RB_POWER_OFF) is called.
> * If the reboot() system call returns, log an error message.
>
> The reboot() system call causes the kernel to call kernel_restart(),
> kernel_halt() or kernel_power_off(). Each of these functions calls
> device_shutdown(). device_shutdown() calls sd_shutdown(). After
> sd_shutdown() has been called the .shutdown() callback of the LLD
> will be called. Hence, I/O submitted after sd_shutdown() will hang or
> may even cause a kernel crash.
>
> Let sd_shutdown() fail future I/O such that LLD .shutdown() callbacks
> can be simplified.

What is the actual reason for this? What is it you think might be
submitting I/O after the system gets into this state?

Current sd_shutdown is constructed on the premise that it's the last
thing that ever happens to the device before reboot/power off which is
why it flushes the cache if necessary and stops the device if required,
but for most standard devices neither is required because we don't
expect Linux to go down with pending items in the block queue and for a
write through disk cache anything that's completed on the block queue
is safely durable on the device.

James