Date: Tue, 6 Feb 2024 15:14:24 -0700 From: Warner Losh <imp@bsdimp.com> To: Andriy Gapon <avg@freebsd.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: e4ab361e5394 - main - fix poweroff regression from 9cdf326b4f by delaying shutdown_halt Message-ID: <CANCZdfrfSuX2i4Dm4W06Ep1rgAsgxtwH_XzHS0LgSwyj2_%2BJHw@mail.gmail.com> In-Reply-To: <72def5a9-ffcc-4dcc-9b85-875ba7f46539@FreeBSD.org> References: <72def5a9-ffcc-4dcc-9b85-875ba7f46539@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000005c13d20610bde77f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Feb 6, 2024 at 3:13=E2=80=AFAM Andriy Gapon <avg@freebsd.org> wrote= : > On 06/02/2024 11:41, Andriy Gapon wrote: > > The branch main has been updated by avg: > > > > URL: > https://cgit.FreeBSD.org/src/commit/?id=3De4ab361e53945a6c3e9d68c5e5ffc11= de40a35f2 > > > > commit e4ab361e53945a6c3e9d68c5e5ffc11de40a35f2 > > Author: Andriy Gapon <avg@FreeBSD.org> > > AuthorDate: 2024-02-06 08:55:13 +0000 > > Commit: Andriy Gapon <avg@FreeBSD.org> > > CommitDate: 2024-02-06 08:55:13 +0000 > > > > fix poweroff regression from 9cdf326b4f by delaying shutdown_halt > > > > The regression affected ACPI-based systems without EFI poweroff > support > > (including VMs). > > > > The key reason for the regression is that I overlooked that > poweroff is > > requested by RB_POWEROFF | RB_HALT combination of flags. In my > opinion, > > that command is a bit bipolar, but since we've been doing that > forever, > > then so be it. Because of that flag combination, the order of > > shutdown_final handlers that check for either flag does matter. > > > > Some additional complexity comes from platform-specific > shutdown_final > > handlers that aim to handle multiple reboot options at once. E.g.= , > > acpi_shutdown_final handles both poweroff and reboot / reset. As > > explained in 9cdf326b4f, such a handler must run after > shutdown_panic to > > give it a chance. But as the change revealed, the handler must > also run > > before shutdown_halt, so that the system can actually power off > before > > entering the halt limbo. > > > > Previously, shutdown_panic and shutdown_halt had the same priority > which > > appears to be incompatible with handlers that can do both poweroff > and > > reset. > > I want to add that having many handlers with priorities expressed like > SHUTDOWN_PRI_LAST =C2=B1 N while some of those handlers have implicit > inter-dependencies (interactions, interference) also does not help to see > a > clear picture. > > Perhaps it would be better to handle all (reasonable) RB flag combination= s > centrally in kern_reboot and then dispatch events like shutdown_reset, > shutdown_poweroff, etc. Handlers for those events would have a single an= d > simple job of performing that one action (perhaps failing and letting > another > handler try). > > Also, I would split reboot howto into command and flag portions, so that > only > one command can be specified at a time. E.g., I would consider > RB_AUTOBOOT > ("RB_REBOOT"), RB_POWEROFF, RB_HALT to be distinct commands. Then, flags > like > RB_NOSYNC or RB_DUMP could be optional flags. > Part of the problem is that RB_AUTOBOOT's value is 0. And we're using bits to describe what to do (was the fashion in the late 80s/90s, bio used to have its commands as bits, not a bit field). You also didn't include RB_POWERCYCLE which is a new bit in this list. It's a mess. As an aside, some flags documented for reboot(2) do not seem to have much > to do > with reboot. E.g., RB_DFLTROOT affects how a system boots up, but not ho= w > the > system goes for a reboot. Not surprisingly, that option is not handled b= y > anything kicked off with reboot(2). > Maybe, it would make more sense if we had fast reboot support and the > running > kernel could instruct the next kernel directly. But, it's still a bit > weird > that flags like RB_POWEROFF and RB_DFLTROOT belong in the same domain and > can be > set together. > More like 'support again' since this interface is from 4BSD and hasn't been updated in a very long time. It made sense when you could tell the VAX's firmware details about the next reboot, but we don't really have that short of implementing kexec... Though to fix it we should maybe just have a number of handlers that are called at each stage, and we deal with only one bit at a time (POWERCYCLE > POWEROFF > HALT) and your drivers register a separate one for each... It would be a bit more rework in the tree, and there'd be a few more functions called, but it would be a minimal change. But it kinda feels like we should just bite the bullet and have 3 handlers for these cases. One to power cycle, one to power off and one to halt. Then the drivers wouldn't care which ones have priority, they'd just check a bit and do what they are told (or maybe we say that they only run when the bit is set to make that code simpler). And if one bit of hardware can do all three, they'd have to implement 3 handlers... Tha ambiguity would be gone and the ordering wouldn't matter. Warner --0000000000005c13d20610bde77f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">= <div dir=3D"ltr" class=3D"gmail_attr">On Tue, Feb 6, 2024 at 3:13=E2=80=AFA= M Andriy Gapon <<a href=3D"mailto:avg@freebsd.org">avg@freebsd.org</a>&g= t; wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0p= x 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 06/= 02/2024 11:41, Andriy Gapon wrote:<br> > The branch main has been updated by avg:<br> > <br> > URL: <a href=3D"https://cgit.FreeBSD.org/src/commit/?id=3De4ab361e5394= 5a6c3e9d68c5e5ffc11de40a35f2" rel=3D"noreferrer" target=3D"_blank">https://= cgit.FreeBSD.org/src/commit/?id=3De4ab361e53945a6c3e9d68c5e5ffc11de40a35f2<= /a><br> > <br> > commit e4ab361e53945a6c3e9d68c5e5ffc11de40a35f2<br> > Author:=C2=A0 =C2=A0 =C2=A0Andriy Gapon <avg@FreeBSD.org><br> > AuthorDate: 2024-02-06 08:55:13 +0000<br> > Commit:=C2=A0 =C2=A0 =C2=A0Andriy Gapon <avg@FreeBSD.org><br> > CommitDate: 2024-02-06 08:55:13 +0000<br> > <br> >=C2=A0 =C2=A0 =C2=A0 fix poweroff regression from 9cdf326b4f by delayin= g shutdown_halt<br> >=C2=A0 =C2=A0 =C2=A0 <br> >=C2=A0 =C2=A0 =C2=A0 The regression affected ACPI-based systems without= EFI poweroff support<br> >=C2=A0 =C2=A0 =C2=A0 (including VMs).<br> >=C2=A0 =C2=A0 =C2=A0 <br> >=C2=A0 =C2=A0 =C2=A0 The key reason for the regression is that I overlo= oked that poweroff is<br> >=C2=A0 =C2=A0 =C2=A0 requested by RB_POWEROFF | RB_HALT combination of = flags.=C2=A0 In my opinion,<br> >=C2=A0 =C2=A0 =C2=A0 that command is a bit bipolar, but since we've= been doing that forever,<br> >=C2=A0 =C2=A0 =C2=A0 then so be it.=C2=A0 Because of that flag combinat= ion, the order of<br> >=C2=A0 =C2=A0 =C2=A0 shutdown_final handlers that check for either flag= does matter.<br> >=C2=A0 =C2=A0 =C2=A0 <br> >=C2=A0 =C2=A0 =C2=A0 Some additional complexity comes from platform-spe= cific shutdown_final<br> >=C2=A0 =C2=A0 =C2=A0 handlers that aim to handle multiple reboot option= s at once.=C2=A0 E.g.,<br> >=C2=A0 =C2=A0 =C2=A0 acpi_shutdown_final handles both poweroff and rebo= ot / reset.=C2=A0 As<br> >=C2=A0 =C2=A0 =C2=A0 explained in 9cdf326b4f, such a handler must run a= fter shutdown_panic to<br> >=C2=A0 =C2=A0 =C2=A0 give it a chance.=C2=A0 But as the change revealed= , the handler must also run<br> >=C2=A0 =C2=A0 =C2=A0 before shutdown_halt, so that the system can actua= lly power off before<br> >=C2=A0 =C2=A0 =C2=A0 entering the halt limbo.<br> >=C2=A0 =C2=A0 =C2=A0 <br> >=C2=A0 =C2=A0 =C2=A0 Previously, shutdown_panic and shutdown_halt had t= he same priority which<br> >=C2=A0 =C2=A0 =C2=A0 appears to be incompatible with handlers that can = do both poweroff and<br> >=C2=A0 =C2=A0 =C2=A0 reset.<br> <br> I want to add that having many handlers with priorities expressed like <br> SHUTDOWN_PRI_LAST =C2=B1 N while some of those handlers have implicit <br> inter-dependencies (interactions, interference) also does not help to see a= <br> clear picture.<br> <br> Perhaps it would be better to handle all (reasonable) RB flag combinations = <br> centrally in kern_reboot and then dispatch events like shutdown_reset, <br> shutdown_poweroff, etc.=C2=A0 Handlers for those events would have a single= and <br> simple job of performing that one action (perhaps failing and letting anoth= er <br> handler try).<br> <br> Also, I would split reboot howto into command and flag portions, so that on= ly <br> one command can be specified at a time.=C2=A0 E.g., I would consider RB_AUT= OBOOT <br> ("RB_REBOOT"), RB_POWEROFF, RB_HALT to be distinct commands.=C2= =A0 Then, flags like <br> RB_NOSYNC or RB_DUMP could be optional flags.<br></blockquote><div><br></di= v>Part of the problem is that RB_AUTOBOOT's value is 0. And we're u= sing bits to</div><div class=3D"gmail_quote">describe what to do (was the f= ashion in the late 80s/90s, bio used to have its</div><div class=3D"gmail_q= uote">commands as bits, not a bit field). You also didn't include RB_PO= WERCYCLE which</div><div class=3D"gmail_quote">is a new bit in this list.</= div><div class=3D"gmail_quote"><br></div><div class=3D"gmail_quote">It'= s a mess. <br></div><div class=3D"gmail_quote"><br></div><div class=3D"gmai= l_quote"><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8e= x;border-left:1px solid rgb(204,204,204);padding-left:1ex"> As an aside, some flags documented for reboot(2) do not seem to have much t= o do <br> with reboot.=C2=A0 E.g., RB_DFLTROOT affects how a system boots up, but not= how the <br> system goes for a reboot.=C2=A0 Not surprisingly, that option is not handle= d by <br> anything kicked off with reboot(2).<br> Maybe, it would make more sense if we had fast reboot support and the runni= ng <br> kernel could instruct the next kernel directly.=C2=A0 But, it's still a= bit weird <br> that flags like RB_POWEROFF and RB_DFLTROOT belong in the same domain and c= an be <br> set together.<br></blockquote><div><br></div><div>More like 'support ag= ain' since this interface is from 4BSD and hasn't been updated</div= ><div>in a very long time. It made sense when you could tell the VAX's = firmware details about</div><div>the next reboot, but we don't really h= ave that short of implementing kexec...<br></div><div><br></div><div>Though= to fix it we should maybe just have a number of handlers that are called</= div><div>at each stage, and we deal with only one bit at a time (POWERCYCLE= > POWEROFF > HALT)</div><div>and your drivers register a separate on= e for each...=C2=A0 It would be a bit more rework</div><div>in the tree, an= d there'd be a few more functions called, but it would be a minimal cha= nge.</div><div><br></div><div>But it kinda feels like we should just bite t= he bullet and have 3 handlers for these cases.</div><div>One to power cycle= , one to power off and one to halt. Then the drivers wouldn't care whic= h ones</div><div>have priority, they'd just check a bit and do what the= y are told=C2=A0 (or maybe we say that they</div><div>only run when the bit= is set to make that code simpler). And if one bit of hardware can do</div>= <div>all three, they'd have to implement 3 handlers... Tha ambiguity wo= uld be gone and the ordering</div><div>wouldn't matter.</div><div><br><= /div><div>Warner<br></div></div></div> --0000000000005c13d20610bde77f--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfrfSuX2i4Dm4W06Ep1rgAsgxtwH_XzHS0LgSwyj2_%2BJHw>