]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/shutdown/shutdown.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network: ignore requested ipv6 routing policy rule when ipv6 is disabled by sysctl
[thirdparty/systemd.git] / src / shutdown / shutdown.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright © 2010 ProFUSION embedded systems
4 ***/
5
6 #include <errno.h>
7 #include <getopt.h>
8 #include <linux/reboot.h>
9 #include <signal.h>
10 #include <stdbool.h>
11 #include <stdlib.h>
12 #include <sys/mman.h>
13 #include <sys/mount.h>
14 #include <sys/reboot.h>
15 #include <sys/stat.h>
16 #include <unistd.h>
17
18 #include "alloc-util.h"
19 #include "async.h"
20 #include "cgroup-util.h"
21 #include "def.h"
22 #include "exec-util.h"
23 #include "fd-util.h"
24 #include "fileio.h"
25 #include "killall.h"
26 #include "log.h"
27 #include "missing.h"
28 #include "parse-util.h"
29 #include "process-util.h"
30 #include "reboot-util.h"
31 #include "rlimit-util.h"
32 #include "signal-util.h"
33 #include "string-util.h"
34 #include "switch-root.h"
35 #include "sysctl-util.h"
36 #include "terminal-util.h"
37 #include "umount.h"
38 #include "util.h"
39 #include "virt.h"
40 #include "watchdog.h"
41
42 #define SYNC_PROGRESS_ATTEMPTS 3
43 #define SYNC_TIMEOUT_USEC (10*USEC_PER_SEC)
44
45 static char* arg_verb;
46 static uint8_t arg_exit_code;
47 static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
48
49 static int parse_argv(int argc, char *argv[]) {
50 enum {
51 ARG_LOG_LEVEL = 0x100,
52 ARG_LOG_TARGET,
53 ARG_LOG_COLOR,
54 ARG_LOG_LOCATION,
55 ARG_EXIT_CODE,
56 ARG_TIMEOUT,
57 };
58
59 static const struct option options[] = {
60 { "log-level", required_argument, NULL, ARG_LOG_LEVEL },
61 { "log-target", required_argument, NULL, ARG_LOG_TARGET },
62 { "log-color", optional_argument, NULL, ARG_LOG_COLOR },
63 { "log-location", optional_argument, NULL, ARG_LOG_LOCATION },
64 { "exit-code", required_argument, NULL, ARG_EXIT_CODE },
65 { "timeout", required_argument, NULL, ARG_TIMEOUT },
66 {}
67 };
68
69 int c, r;
70
71 assert(argc >= 1);
72 assert(argv);
73
74 /* "-" prevents getopt from permuting argv[] and moving the verb away
75 * from argv[1]. Our interface to initrd promises it'll be there. */
76 while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0)
77 switch (c) {
78
79 case ARG_LOG_LEVEL:
80 r = log_set_max_level_from_string(optarg);
81 if (r < 0)
82 log_error_errno(r, "Failed to parse log level %s, ignoring: %m", optarg);
83
84 break;
85
86 case ARG_LOG_TARGET:
87 r = log_set_target_from_string(optarg);
88 if (r < 0)
89 log_error_errno(r, "Failed to parse log target %s, ignoring: %m", optarg);
90
91 break;
92
93 case ARG_LOG_COLOR:
94
95 if (optarg) {
96 r = log_show_color_from_string(optarg);
97 if (r < 0)
98 log_error_errno(r, "Failed to parse log color setting %s, ignoring: %m", optarg);
99 } else
100 log_show_color(true);
101
102 break;
103
104 case ARG_LOG_LOCATION:
105 if (optarg) {
106 r = log_show_location_from_string(optarg);
107 if (r < 0)
108 log_error_errno(r, "Failed to parse log location setting %s, ignoring: %m", optarg);
109 } else
110 log_show_location(true);
111
112 break;
113
114 case ARG_EXIT_CODE:
115 r = safe_atou8(optarg, &arg_exit_code);
116 if (r < 0)
117 log_error_errno(r, "Failed to parse exit code %s, ignoring: %m", optarg);
118
119 break;
120
121 case ARG_TIMEOUT:
122 r = parse_sec(optarg, &arg_timeout);
123 if (r < 0)
124 log_error_errno(r, "Failed to parse shutdown timeout %s, ignoring: %m", optarg);
125
126 break;
127
128 case '\001':
129 if (!arg_verb)
130 arg_verb = optarg;
131 else
132 log_error("Excess arguments, ignoring");
133 break;
134
135 case '?':
136 return -EINVAL;
137
138 default:
139 assert_not_reached("Unhandled option code.");
140 }
141
142 if (!arg_verb)
143 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
144 "Verb argument missing.");
145
146 return 0;
147 }
148
149 static int switch_root_initramfs(void) {
150 if (mount("/run/initramfs", "/run/initramfs", NULL, MS_BIND, NULL) < 0)
151 return log_error_errno(errno, "Failed to mount bind /run/initramfs on /run/initramfs: %m");
152
153 if (mount(NULL, "/run/initramfs", NULL, MS_PRIVATE, NULL) < 0)
154 return log_error_errno(errno, "Failed to make /run/initramfs private mount: %m");
155
156 /* switch_root with MS_BIND, because there might still be processes lurking around, which have open file descriptors.
157 * /run/initramfs/shutdown will take care of these.
158 * Also do not detach the old root, because /run/initramfs/shutdown needs to access it.
159 */
160 return switch_root("/run/initramfs", "/oldroot", false, MS_BIND);
161 }
162
163 /* Read the following fields from /proc/meminfo:
164 *
165 * NFS_Unstable
166 * Writeback
167 * Dirty
168 *
169 * Return true if the sum of these fields is greater than the previous
170 * value input. For all other issues, report the failure and indicate that
171 * the sync is not making progress.
172 */
173 static int sync_making_progress(unsigned long long *prev_dirty) {
174 _cleanup_fclose_ FILE *f = NULL;
175 unsigned long long val = 0;
176 int ret;
177
178 f = fopen("/proc/meminfo", "re");
179 if (!f)
180 return log_warning_errno(errno, "Failed to open /proc/meminfo: %m");
181
182 for (;;) {
183 _cleanup_free_ char *line = NULL;
184 unsigned long long ull = 0;
185 int q;
186
187 q = read_line(f, LONG_LINE_MAX, &line);
188 if (q < 0)
189 return log_warning_errno(q, "Failed to parse /proc/meminfo: %m");
190 if (q == 0)
191 break;
192
193 if (!first_word(line, "NFS_Unstable:") && !first_word(line, "Writeback:") && !first_word(line, "Dirty:"))
194 continue;
195
196 errno = 0;
197 if (sscanf(line, "%*s %llu %*s", &ull) != 1) {
198 if (errno != 0)
199 log_warning_errno(errno, "Failed to parse /proc/meminfo: %m");
200 else
201 log_warning("Failed to parse /proc/meminfo");
202
203 return false;
204 }
205
206 val += ull;
207 }
208
209 ret = *prev_dirty > val;
210 *prev_dirty = val;
211 return ret;
212 }
213
214 static void sync_with_progress(void) {
215 unsigned long long dirty = ULLONG_MAX;
216 unsigned checks;
217 pid_t pid;
218 int r;
219
220 BLOCK_SIGNALS(SIGCHLD);
221
222 /* Due to the possibility of the sync operation hanging, we fork a child process and monitor the progress. If
223 * the timeout lapses, the assumption is that that particular sync stalled. */
224
225 r = asynchronous_sync(&pid);
226 if (r < 0) {
227 log_error_errno(r, "Failed to fork sync(): %m");
228 return;
229 }
230
231 log_info("Syncing filesystems and block devices.");
232
233 /* Start monitoring the sync operation. If more than
234 * SYNC_PROGRESS_ATTEMPTS lapse without progress being made,
235 * we assume that the sync is stalled */
236 for (checks = 0; checks < SYNC_PROGRESS_ATTEMPTS; checks++) {
237 r = wait_for_terminate_with_timeout(pid, SYNC_TIMEOUT_USEC);
238 if (r == 0)
239 /* Sync finished without error.
240 * (The sync itself does not return an error code) */
241 return;
242 else if (r == -ETIMEDOUT) {
243 /* Reset the check counter if the "Dirty" value is
244 * decreasing */
245 if (sync_making_progress(&dirty) > 0)
246 checks = 0;
247 } else {
248 log_error_errno(r, "Failed to sync filesystems and block devices: %m");
249 return;
250 }
251 }
252
253 /* Only reached in the event of a timeout. We should issue a kill
254 * to the stray process. */
255 log_error("Syncing filesystems and block devices - timed out, issuing SIGKILL to PID "PID_FMT".", pid);
256 (void) kill(pid, SIGKILL);
257 }
258
259 static int read_current_sysctl_printk_log_level(void) {
260 _cleanup_free_ char *sysctl_printk_vals = NULL, *sysctl_printk_curr = NULL;
261 unsigned current_lvl = 0;
262 const char *p;
263 int r;
264
265 r = sysctl_read("kernel/printk", &sysctl_printk_vals);
266 if (r < 0)
267 return log_debug_errno(r, "Cannot read sysctl kernel.printk: %m");
268
269 p = sysctl_printk_vals;
270 r = extract_first_word(&p, &sysctl_printk_curr, NULL, 0);
271 if (r > 0)
272 r = safe_atou(sysctl_printk_curr, &current_lvl);
273 else if (r == 0)
274 r = -EINVAL;
275
276 if (r < 0)
277 return log_debug_errno(r, "Unexpected sysctl kernel.printk content: %s", sysctl_printk_vals);
278
279 return current_lvl;
280 }
281
282 static void bump_sysctl_printk_log_level(int min_level) {
283 /* Set the logging level to be able to see messages with log level smaller or equal to min_level */
284
285 int current_lvl = read_current_sysctl_printk_log_level();
286 if (current_lvl >= 0 && current_lvl <= min_level) {
287 char buf[DECIMAL_STR_MAX(int)];
288 xsprintf(buf, "%d", min_level + 1);
289 int r = sysctl_write("kernel/printk", buf);
290 if (r < 0)
291 log_debug_errno(r, "Failed to bump kernel.printk to %s: %m", buf);
292 }
293 }
294
295 int main(int argc, char *argv[]) {
296 bool need_umount, need_swapoff, need_loop_detach, need_dm_detach;
297 bool in_container, use_watchdog = false, can_initrd;
298 _cleanup_free_ char *cgroup = NULL;
299 char *arguments[3];
300 int cmd, r, umount_log_level = LOG_INFO;
301 static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL};
302 char *watchdog_device;
303
304 /* The log target defaults to console, but the original systemd process will pass its log target in through a
305 * command line argument, which will override this default. Also, ensure we'll never log to the journal or
306 * syslog, as these logging daemons are either already dead or will die very soon. */
307
308 log_set_target(LOG_TARGET_CONSOLE);
309 log_set_prohibit_ipc(true);
310 log_parse_environment();
311
312 r = parse_argv(argc, argv);
313 if (r < 0)
314 goto error;
315
316 log_open();
317
318 umask(0022);
319
320 if (getpid_cached() != 1) {
321 log_error("Not executed by init (PID 1).");
322 r = -EPERM;
323 goto error;
324 }
325
326 if (streq(arg_verb, "reboot"))
327 cmd = RB_AUTOBOOT;
328 else if (streq(arg_verb, "poweroff"))
329 cmd = RB_POWER_OFF;
330 else if (streq(arg_verb, "halt"))
331 cmd = RB_HALT_SYSTEM;
332 else if (streq(arg_verb, "kexec"))
333 cmd = LINUX_REBOOT_CMD_KEXEC;
334 else if (streq(arg_verb, "exit"))
335 cmd = 0; /* ignored, just checking that arg_verb is valid */
336 else {
337 log_error("Unknown action '%s'.", arg_verb);
338 r = -EINVAL;
339 goto error;
340 }
341
342 (void) cg_get_root_path(&cgroup);
343 in_container = detect_container() > 0;
344
345 /* If the logging messages are going to KMSG, and if we are not running from a container,
346 * then try to update the sysctl kernel.printk current value in order to see "info" messages;
347 * This current log level is not updated if already big enough.
348 */
349 if (!in_container && IN_SET(log_get_target(), LOG_TARGET_AUTO,
350 LOG_TARGET_JOURNAL_OR_KMSG,
351 LOG_TARGET_SYSLOG_OR_KMSG,
352 LOG_TARGET_KMSG))
353 bump_sysctl_printk_log_level(LOG_INFO);
354
355 use_watchdog = getenv("WATCHDOG_USEC");
356 watchdog_device = getenv("WATCHDOG_DEVICE");
357 if (watchdog_device) {
358 r = watchdog_set_device(watchdog_device);
359 if (r < 0)
360 log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m",
361 watchdog_device);
362 }
363
364 /* Lock us into memory */
365 (void) mlockall(MCL_CURRENT|MCL_FUTURE);
366
367 /* Synchronize everything that is not written to disk yet at this point already. This is a good idea so that
368 * slow IO is processed here already and the final process killing spree is not impacted by processes
369 * desperately trying to sync IO to disk within their timeout. Do not remove this sync, data corruption will
370 * result. */
371 if (!in_container)
372 sync_with_progress();
373
374 disable_coredumps();
375
376 log_info("Sending SIGTERM to remaining processes...");
377 broadcast_signal(SIGTERM, true, true, arg_timeout);
378
379 log_info("Sending SIGKILL to remaining processes...");
380 broadcast_signal(SIGKILL, true, false, arg_timeout);
381
382 need_umount = !in_container;
383 need_swapoff = !in_container;
384 need_loop_detach = !in_container;
385 need_dm_detach = !in_container;
386 can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0;
387
388 /* Unmount all mountpoints, swaps, and loopback devices */
389 for (;;) {
390 bool changed = false;
391
392 if (use_watchdog)
393 (void) watchdog_ping();
394
395 /* Let's trim the cgroup tree on each iteration so
396 that we leave an empty cgroup tree around, so that
397 container managers get a nice notify event when we
398 are down */
399 if (cgroup)
400 (void) cg_trim(SYSTEMD_CGROUP_CONTROLLER, cgroup, false);
401
402 if (need_umount) {
403 log_info("Unmounting file systems.");
404 r = umount_all(&changed, umount_log_level);
405 if (r == 0) {
406 need_umount = false;
407 log_info("All filesystems unmounted.");
408 } else if (r > 0)
409 log_info("Not all file systems unmounted, %d left.", r);
410 else
411 log_error_errno(r, "Failed to unmount file systems: %m");
412 }
413
414 if (need_swapoff) {
415 log_info("Deactivating swaps.");
416 r = swapoff_all(&changed);
417 if (r == 0) {
418 need_swapoff = false;
419 log_info("All swaps deactivated.");
420 } else if (r > 0)
421 log_info("Not all swaps deactivated, %d left.", r);
422 else
423 log_error_errno(r, "Failed to deactivate swaps: %m");
424 }
425
426 if (need_loop_detach) {
427 log_info("Detaching loop devices.");
428 r = loopback_detach_all(&changed, umount_log_level);
429 if (r == 0) {
430 need_loop_detach = false;
431 log_info("All loop devices detached.");
432 } else if (r > 0)
433 log_info("Not all loop devices detached, %d left.", r);
434 else
435 log_error_errno(r, "Failed to detach loop devices: %m");
436 }
437
438 if (need_dm_detach) {
439 log_info("Detaching DM devices.");
440 r = dm_detach_all(&changed, umount_log_level);
441 if (r == 0) {
442 need_dm_detach = false;
443 log_info("All DM devices detached.");
444 } else if (r > 0)
445 log_info("Not all DM devices detached, %d left.", r);
446 else
447 log_error_errno(r, "Failed to detach DM devices: %m");
448 }
449
450 if (!need_umount && !need_swapoff && !need_loop_detach && !need_dm_detach) {
451 log_info("All filesystems, swaps, loop devices and DM devices detached.");
452 /* Yay, done */
453 break;
454 }
455
456 if (!changed && umount_log_level == LOG_INFO && !can_initrd) {
457 /* There are things we cannot get rid of. Loop one more time
458 * with LOG_ERR to inform the user. Note that we don't need
459 * to do this if there is a initrd to switch to, because that
460 * one is likely to get rid of the remounting mounts. If not,
461 * it will log about them. */
462 umount_log_level = LOG_ERR;
463 continue;
464 }
465
466 /* If in this iteration we didn't manage to
467 * unmount/deactivate anything, we simply give up */
468 if (!changed) {
469 log_info("Cannot finalize remaining%s%s%s%s continuing.",
470 need_umount ? " file systems," : "",
471 need_swapoff ? " swap devices," : "",
472 need_loop_detach ? " loop devices," : "",
473 need_dm_detach ? " DM devices," : "");
474 break;
475 }
476
477 log_debug("Couldn't finalize remaining %s%s%s%s trying again.",
478 need_umount ? " file systems," : "",
479 need_swapoff ? " swap devices," : "",
480 need_loop_detach ? " loop devices," : "",
481 need_dm_detach ? " DM devices," : "");
482 }
483
484 /* We're done with the watchdog. */
485 watchdog_free_device();
486
487 arguments[0] = NULL;
488 arguments[1] = arg_verb;
489 arguments[2] = NULL;
490 (void) execute_directories(dirs, DEFAULT_TIMEOUT_USEC, NULL, NULL, arguments, NULL, EXEC_DIR_PARALLEL | EXEC_DIR_IGNORE_ERRORS);
491
492 (void) rlimit_nofile_safe();
493
494 if (can_initrd) {
495 r = switch_root_initramfs();
496 if (r >= 0) {
497 argv[0] = (char*) "/shutdown";
498
499 (void) setsid();
500 (void) make_console_stdio();
501
502 log_info("Successfully changed into root pivot.\n"
503 "Returning to initrd...");
504
505 execv("/shutdown", argv);
506 log_error_errno(errno, "Failed to execute shutdown binary: %m");
507 } else
508 log_error_errno(r, "Failed to switch root to \"/run/initramfs\": %m");
509
510 }
511
512 if (need_umount || need_swapoff || need_loop_detach || need_dm_detach)
513 log_error("Failed to finalize %s%s%s%s ignoring",
514 need_umount ? " file systems," : "",
515 need_swapoff ? " swap devices," : "",
516 need_loop_detach ? " loop devices," : "",
517 need_dm_detach ? " DM devices," : "");
518
519 /* The kernel will automatically flush ATA disks and suchlike on reboot(), but the file systems need to be
520 * sync'ed explicitly in advance. So let's do this here, but not needlessly slow down containers. Note that we
521 * sync'ed things already once above, but we did some more work since then which might have caused IO, hence
522 * let's do it once more. Do not remove this sync, data corruption will result. */
523 if (!in_container)
524 sync_with_progress();
525
526 if (streq(arg_verb, "exit")) {
527 if (in_container)
528 return arg_exit_code;
529
530 cmd = RB_POWER_OFF; /* We cannot exit() on the host, fallback on another method. */
531 }
532
533 switch (cmd) {
534
535 case LINUX_REBOOT_CMD_KEXEC:
536
537 if (!in_container) {
538 /* We cheat and exec kexec to avoid doing all its work */
539 log_info("Rebooting with kexec.");
540
541 r = safe_fork("(sd-kexec)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, NULL);
542 if (r == 0) {
543 const char * const args[] = {
544 KEXEC, "-e", NULL
545 };
546
547 /* Child */
548
549 execv(args[0], (char * const *) args);
550 _exit(EXIT_FAILURE);
551 }
552
553 /* If we are still running, then the kexec can't have worked, let's fall through */
554 }
555
556 cmd = RB_AUTOBOOT;
557 _fallthrough_;
558
559 case RB_AUTOBOOT:
560 (void) reboot_with_parameter(REBOOT_LOG);
561 log_info("Rebooting.");
562 break;
563
564 case RB_POWER_OFF:
565 log_info("Powering off.");
566 break;
567
568 case RB_HALT_SYSTEM:
569 log_info("Halting system.");
570 break;
571
572 default:
573 assert_not_reached("Unknown magic");
574 }
575
576 (void) reboot(cmd);
577 if (errno == EPERM && in_container) {
578 /* If we are in a container, and we lacked
579 * CAP_SYS_BOOT just exit, this will kill our
580 * container for good. */
581 log_info("Exiting container.");
582 return EXIT_SUCCESS;
583 }
584
585 r = log_error_errno(errno, "Failed to invoke reboot(): %m");
586
587 error:
588 log_emergency_errno(r, "Critical error while doing system shutdown: %m");
589 freeze();
590 }
Unnamed repository; edit this file 'description' to name the repository.