The patch titled
Subject: reboot: add support for configuring emergency hardware protection action
has been added to the -mm mm-nonmm-unstable branch. Its filename is
reboot-add-support-for-configuring-emergency-hardware-protection-action.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/reboot-add-support-for-configuring-emergency-hardware-protection-action.patch
This patch will later appear in the mm-nonmm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
Subject: reboot: add support for configuring emergency hardware protection action
Date: Mon, 17 Feb 2025 21:39:47 +0100
We currently leave the decision of whether to shutdown or reboot to
protect hardware in an emergency situation to the individual drivers.
This works out in some cases, where the driver detecting the critical
failure has inside knowledge: It binds to the system management controller
for example or is guided by hardware description that defines what to do.
In the general case, however, the driver detecting the issue can't know
what the appropriate course of action is and shouldn't be dictating the
policy of dealing with it.
Therefore, add a global hw_protection toggle that allows the user to
specify whether shutdown or reboot should be the default action when the
driver doesn't set policy.
This introduces no functional change yet as hw_protection_trigger() has no
callers, but these will be added in subsequent commits.
Link: https://lkml.kernel.org/r/20250217-hw_protection-reboot-v3-7-e1c09b090c0c@xxxxxxxxxxxxxx
Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
Reviewed-by: Tzung-Bi Shih <tzungbi@xxxxxxxxxx>
Cc: Benson Leung <bleung@xxxxxxxxxxxx>
Cc: Daniel Lezcano <daniel.lezcano@xxxxxxxxxx>
Cc: Fabio Estevam <festevam@xxxxxxx>
Cc: Guenter Roeck <groeck@xxxxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Liam Girdwood <lgirdwood@xxxxxxxxx>
Cc: Lukasz Luba <lukasz.luba@xxxxxxx>
Cc: Mark Brown <broonie@xxxxxxxxxx>
Cc: Matteo Croce <teknoraver@xxxxxxxx>
Cc: Matti Vaittinen <mazziesaccount@xxxxxxxxx>
Cc: "Rafael J. Wysocki" <rafael@xxxxxxxxxx>
Cc: Rob Herring (Arm) <robh@xxxxxxxxxx>
Cc: Rui Zhang <rui.zhang@xxxxxxxxx>
Cc: Sascha Hauer <kernel@xxxxxxxxxxxxxx>
Cc: "Serge E. Hallyn" <serge@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
Documentation/ABI/testing/sysfs-kernel-reboot | 8 ++
Documentation/admin-guide/kernel-parameters.txt | 6 +
include/linux/reboot.h | 22 ++++++
include/uapi/linux/capability.h | 1
kernel/reboot.c | 46 ++++++++++++++
5 files changed, 82 insertions(+), 1 deletion(-)
--- a/Documentation/ABI/testing/sysfs-kernel-reboot~reboot-add-support-for-configuring-emergency-hardware-protection-action
+++ a/Documentation/ABI/testing/sysfs-kernel-reboot
@@ -30,3 +30,11 @@ KernelVersion: 5.11
Contact: Matteo Croce <mcroce@xxxxxxxxxxxxx>
Description: Don't wait for any other CPUs on reboot and
avoid anything that could hang.
+
+What: /sys/kernel/reboot/hw_protection
+Date: April 2025
+KernelVersion: 6.15
+Contact: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
+Description: Hardware protection action taken on critical events like
+ overtemperature or imminent voltage loss.
+ Valid values are: reboot shutdown
--- a/Documentation/admin-guide/kernel-parameters.txt~reboot-add-support-for-configuring-emergency-hardware-protection-action
+++ a/Documentation/admin-guide/kernel-parameters.txt
@@ -1933,6 +1933,12 @@
which allow the hypervisor to 'idle' the guest
on lock contention.
+ hw_protection= [HW]
+ Format: reboot | shutdown
+
+ Hardware protection action taken on critical events like
+ overtemperature or imminent voltage loss.
+
i2c_bus= [HW] Override the default board specific I2C bus speed
or register an additional I2C bus that is not
registered from board initialization code.
--- a/include/linux/reboot.h~reboot-add-support-for-configuring-emergency-hardware-protection-action
+++ a/include/linux/reboot.h
@@ -181,16 +181,36 @@ extern void orderly_reboot(void);
/**
* enum hw_protection_action - Hardware protection action
*
+ * @HWPROT_ACT_DEFAULT:
+ * The default action should be taken. This is HWPROT_ACT_SHUTDOWN
+ * by default, but can be overridden.
* @HWPROT_ACT_SHUTDOWN:
* The system should be shut down (powered off) for HW protection.
* @HWPROT_ACT_REBOOT:
* The system should be rebooted for HW protection.
*/
-enum hw_protection_action { HWPROT_ACT_SHUTDOWN, HWPROT_ACT_REBOOT };
+enum hw_protection_action { HWPROT_ACT_DEFAULT, HWPROT_ACT_SHUTDOWN, HWPROT_ACT_REBOOT };
void __hw_protection_trigger(const char *reason, int ms_until_forced,
enum hw_protection_action action);
+/**
+ * hw_protection_trigger - Trigger default emergency system hardware protection action
+ *
+ * @reason: Reason of emergency shutdown or reboot to be printed.
+ * @ms_until_forced: Time to wait for orderly shutdown or reboot before
+ * triggering it. Negative value disables the forced
+ * shutdown or reboot.
+ *
+ * Initiate an emergency system shutdown or reboot in order to protect
+ * hardware from further damage. The exact action taken is controllable at
+ * runtime and defaults to shutdown.
+ */
+static inline void hw_protection_trigger(const char *reason, int ms_until_forced)
+{
+ __hw_protection_trigger(reason, ms_until_forced, HWPROT_ACT_DEFAULT);
+}
+
static inline void hw_protection_reboot(const char *reason, int ms_until_forced)
{
__hw_protection_trigger(reason, ms_until_forced, HWPROT_ACT_REBOOT);
--- a/include/uapi/linux/capability.h~reboot-add-support-for-configuring-emergency-hardware-protection-action
+++ a/include/uapi/linux/capability.h
@@ -275,6 +275,7 @@ struct vfs_ns_cap_data {
/* Allow setting encryption key on loopback filesystem */
/* Allow setting zone reclaim policy */
/* Allow everything under CAP_BPF and CAP_PERFMON for backward compatibility */
+/* Allow setting hardware protection emergency action */
#define CAP_SYS_ADMIN 21
--- a/kernel/reboot.c~reboot-add-support-for-configuring-emergency-hardware-protection-action
+++ a/kernel/reboot.c
@@ -36,6 +36,8 @@ enum reboot_mode reboot_mode DEFAULT_REB
EXPORT_SYMBOL_GPL(reboot_mode);
enum reboot_mode panic_reboot_mode = REBOOT_UNDEFINED;
+static enum hw_protection_action hw_protection_action = HWPROT_ACT_SHUTDOWN;
+
/*
* This variable is used privately to keep track of whether or not
* reboot_type is still set to its default value (i.e., reboot= hasn't
@@ -1027,6 +1029,9 @@ void __hw_protection_trigger(const char
{
static atomic_t allow_proceed = ATOMIC_INIT(1);
+ if (action == HWPROT_ACT_DEFAULT)
+ action = hw_protection_action;
+
pr_emerg("HARDWARE PROTECTION %s (%s)\n",
hw_protection_action_str(action), reason);
@@ -1046,6 +1051,46 @@ void __hw_protection_trigger(const char
}
EXPORT_SYMBOL_GPL(__hw_protection_trigger);
+static bool hw_protection_action_parse(const char *str,
+ enum hw_protection_action *action)
+{
+ if (sysfs_streq(str, "shutdown"))
+ *action = HWPROT_ACT_SHUTDOWN;
+ else if (sysfs_streq(str, "reboot"))
+ *action = HWPROT_ACT_REBOOT;
+ else
+ return false;
+
+ return true;
+}
+
+static int __init hw_protection_setup(char *str)
+{
+ hw_protection_action_parse(str, &hw_protection_action);
+ return 1;
+}
+__setup("hw_protection=", hw_protection_setup);
+
+static ssize_t hw_protection_show(struct kobject *kobj,
+ struct kobj_attribute *attr, char *buf)
+{
+ return sysfs_emit(buf, "%s\n",
+ hw_protection_action_str(hw_protection_action));
+}
+static ssize_t hw_protection_store(struct kobject *kobj,
+ struct kobj_attribute *attr, const char *buf,
+ size_t count)
+{
+ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ if (!hw_protection_action_parse(buf, &hw_protection_action))
+ return -EINVAL;
+
+ return count;
+}
+static struct kobj_attribute hw_protection_attr = __ATTR_RW(hw_protection);
+
static int __init reboot_setup(char *str)
{
for (;;) {
@@ -1305,6 +1350,7 @@ static struct kobj_attribute reboot_cpu_
#endif
static struct attribute *reboot_attrs[] = {
+ &hw_protection_attr.attr,
&reboot_mode_attr.attr,
#ifdef CONFIG_X86
&reboot_force_attr.attr,
_
Patches currently in -mm which might be from a.fatoum@xxxxxxxxxxxxxx are
reboot-replace-__hw_protection_shutdown-bool-action-parameter-with-an-enum.patch
reboot-reboot-not-shutdown-on-hw_protection_reboot-timeout.patch
docs-thermal-sync-hardware-protection-doc-with-code.patch
reboot-describe-do_kernel_restarts-cmd-argument-in-kernel-doc.patch
reboot-rename-now-misleading-__hw_protection_shutdown-symbols.patch
reboot-indicate-whether-it-is-a-hardware-protection-reboot-or-shutdown.patch
reboot-add-support-for-configuring-emergency-hardware-protection-action.patch
regulator-allow-user-configuration-of-hardware-protection-action.patch
platform-chrome-cros_ec_lpc-prepare-for-hw_protection_shutdown-removal.patch
dt-bindings-thermal-give-os-some-leeway-in-absence-of-critical-action.patch
thermal-core-allow-user-configuration-of-hardware-protection-action.patch
reboot-retire-hw_protection_reboot-and-hw_protection_shutdown-helpers.patch
