lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20251014012919.504258-1-sushrut@arista.com>
Date: Tue, 14 Oct 2025 01:29:19 +0000
From: sushrut <sushrut@...sta.com>
To: tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de
Cc: dave.hansen@...ux.intel.com,
	x86@...nel.org,
	hpa@...or.com,
	linux-kernel@...r.kernel.org,
	Sushrut Shirole <sushrut@...sta.com>
Subject: [PATCH] x86/reboot: Add support for restart handlers

From: Sushrut Shirole <sushrut@...sta.com>

Other architectures (ARM, PowerPC, MIPS, RISC-V) support restart
handlers via register_restart_handler(), allowing drivers to
perform direct hardware resets. x86 lacks this mechanism, creating
an architectural inconsistency.

This is particularly problematic for high-availability x86 systems
in the networking and embedded appliance space. These systems rely
on hardware watchdogs as the final defense against catastrophic
software hangs. When recovering from a true kernel lockup, the
complex, multi-step machine_restart() path (ACPI, UEFI, keyboard
controller) cannot be relied upon to execute, rendering watchdog
recovery non-deterministic.

Add a call to do_kernel_restart() at the beginning of
native_machine_restart(). This executes registered restart handlers
to perform a direct hardware reset.

If a handler succeeds, the system restarts immediately. If no
handlers are registered, or if all handlers fail, the function
returns and the standard x86 reboot sequence proceeds.

This provides a deterministic recovery path for systems with the
necessary watchdog hardware while having negligible impact on
general-purpose systems.

Rename the parameter from '__unused' to 'cmd' to pass the restart
command string to handlers, enabling command-specific behavior
(e.g., "recovery", "bootloader").

Tested on x86_64 with a custom watchdog driver that registers a
restart handler for direct hardware reset. Verified that handlers
execute before machine_shutdown(), the normal reboot path remains
unchanged when no handlers are registered, and the restart command
is properly passed to handlers.

Signed-off-by: Sushrut Shirole <sushrut@...sta.com>
---
 arch/x86/kernel/reboot.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
index 964f6b0a3d68..0d26ccd9274a 100644
--- a/arch/x86/kernel/reboot.c
+++ b/arch/x86/kernel/reboot.c
@@ -772,10 +772,11 @@ static void __machine_emergency_restart(int emergency)
 	machine_ops.emergency_restart();
 }
 
-static void native_machine_restart(char *__unused)
+static void native_machine_restart(char *cmd)
 {
 	pr_notice("machine restart\n");
 
+	do_kernel_restart(cmd);
 	if (!reboot_force)
 		machine_shutdown();
 	__machine_emergency_restart(0);
-- 
2.51.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ