From owner-freebsd-arch@FreeBSD.ORG Wed May 6 16:38:33 2009
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A117B106566B; Wed, 6 May 2009 16:38:33 +0000 (UTC) (envelope-from avg@icyb.net.ua)
Received: from citadel.icyb.net.ua (citadel.icyb.net.ua [212.40.38.140]) by mx1.freebsd.org (Postfix) with ESMTP id D9F068FC14; Wed, 6 May 2009 16:38:32 +0000 (UTC) (envelope-from avg@icyb.net.ua)
Received: from odyssey.starpoint.kiev.ua (alpha-e.starpoint.kiev.ua [212.40.38.101]) by citadel.icyb.net.ua (8.8.8p3/ICyb-2.3exp) with ESMTP id TAA14456; Wed, 06 May 2009 19:24:04 +0300 (EEST) (envelope-from avg@icyb.net.ua)
Message-ID: <4A01B9A3.2030806@icyb.net.ua>
Date: Wed, 06 May 2009 19:24:03 +0300
From: Andriy Gapon <avg@icyb.net.ua>
User-Agent: Thunderbird 2.0.0.21 (X11/20090406)
MIME-Version: 1.0
To: freebsd-arch@FreeBSD.org
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: shutdown_nice during boot
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture
X-List-Received-Date: Wed, 06 May 2009 16:38:33 -0000

First, let me simply paste the whole body of the shutdown_nice function:

    void
    shutdown_nice(int howto)
    {

            shutdown_howto = howto;

            /* Send a signal to init(8) and have it shutdown the world */
            if (initproc != NULL) {
                    PROC_LOCK(initproc);
                    psignal(initproc, SIGINT);
                    PROC_UNLOCK(initproc);
            } else {
                    /* No init(8) running, so simply reboot */
                    boot(RB_NOSYNC);
            }
            return;
    }

Now, initproc is initialized quite early during boot to make sure that PID 1 is
reserved for init. The actual init process is executed at the very end of boot.
Right after init is forked it ignores all signals, because this is how proc0 is
set up. Only when it is actually executed does it explicitly re-enable signals
and install certain handlers.

Because of the above, there is a time frame where initproc != NULL but any
signal for init gets ignored.

There are not many places where shutdown_nice can be called during that time
frame, but I think that there are some. Very unlikely, but theoretically
possible situation: a system starts overheating immediately after power on,
the acpi_tz driver detects this and calls shutdown_nice at the wrong time, the
system keeps booting up and eventually melts down.

It may be possible to make sure that shutdown_nice is never called at the wrong
time by tweaking all the places where it's used. But maybe there is a way to
make shutdown_nice behave in the usual way even during that inconvenient time
frame.

It's possible to re-enable SIGINT right after init is forked, but this way it
will be delivered to init before it installs signal handlers, and thus init
would simply terminate, resulting in the "Going nowhere without my init!"
panic.

Please share your ideas.
Thank you!

-- 
Andriy Gapon