HomeFreeBSD

kern_reboot(): don't clear kdb_active

Description

kern_reboot(): don't clear kdb_active

It is possible to reach this function from ddb via the "reset" command.
When this happens, we don't actually exit kdb, meaning we never execute
the latter steps of kdb_break() to restore the system state (e.g.
re-enable scheduler).

Therefore, we should not clear the kdb_active flag in this function, as
the debugger is still active. Put differently, kern_reboot() is not an
authority on kdb state, and should not touch it. The original motivation
for this assignment is not clear; I have checked thoroughly and I am
convinced it is not required by any reset code.

This fixes an edge case where a panic can be triggered during reset from
ddb:

  1. Enter ddb via keyboard break sequence (KERNEL_PANICKED() == false && td->td_critnest > 0)
  2. Execute the "reset" command
  3. kern_reboot() sets kdb_active = false
  4. A witness_checkorder() call via shutdown handler sees !kdb_active and panics

Reviewed by: imp, markj
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42684

Details

Provenance
mhorneAuthored on Nov 23 2023, 3:28 PM
Reviewer
imp
Differential Revision
D42684: kern_reboot(): don't clear kdb_active
Parents
rG960612a19f00: shutdown: tweak kproc/kthread shutdown check
Branches
Unknown
Tags
Unknown