]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/kern/kern_shutdown.c
xnu-6153.81.5.tar.gz
[apple/xnu.git] / bsd / kern / kern_shutdown.c
index fcd80032e49303f047ba3fed5a279e66e2567ddf..1e0027f953f3c98458328c2988450766c2da7950 100644 (file)
@@ -1,23 +1,29 @@
 /*
- * Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2000-2006 Apple Computer, Inc. All rights reserved.
  *
- * @APPLE_LICENSE_HEADER_START@
- * 
- * The contents of this file constitute Original Code as defined in and
- * are subject to the Apple Public Source License Version 1.1 (the
- * "License").  You may not use this file except in compliance with the
- * License.  Please obtain a copy of the License at
- * http://www.apple.com/publicsource and read it before using this file.
- * 
- * This Original Code and all software distributed under the License are
- * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
- * License for the specific language governing rights and limitations
- * under the License.
- * 
- * @APPLE_LICENSE_HEADER_END@
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  */
 /*
  *     File:   bsd/kern/kern_shutdown.c
 #include <sys/systm.h>
 #include <sys/kernel.h>
 #include <sys/vm.h>
-#include <sys/proc.h>
+#include <sys/proc_internal.h>
 #include <sys/user.h>
-#include <sys/buf.h>
 #include <sys/reboot.h>
 #include <sys/conf.h>
-#include <sys/vnode.h>
-#include <sys/file.h>
+#include <sys/vnode_internal.h>
+#include <sys/file_internal.h>
 #include <sys/clist.h>
 #include <sys/callout.h>
 #include <sys/mbuf.h>
 #include <sys/signal.h>
 #include <sys/tty.h>
 #include <kern/task.h>
-#include <ufs/ufs/quota.h>
-#include <ufs/ufs/inode.h>
-#if    NCPUS > 1
-#include <kern/processor.h>
-#include <kern/thread.h>
-#include <sys/lock.h>
-#endif /* NCPUS > 1 */
+#include <sys/quota.h>
 #include <vm/vm_kern.h>
 #include <mach/vm_param.h>
 #include <sys/filedesc.h>
+#include <mach/host_priv.h>
 #include <mach/host_reboot.h>
 
-int    waittime = -1;
+#include <security/audit/audit.h>
+
+#include <kern/sched_prim.h>            /* for thread_block() */
+#include <kern/host.h>                  /* for host_priv_self() */
+#include <net/if_var.h>                 /* for if_down_all() */
+#include <sys/buf_internal.h>           /* for count_busy_buffers() */
+#include <sys/mount_internal.h>         /* for vfs_unmountall() */
+#include <mach/task.h>                  /* for task_suspend() */
+#include <sys/sysproto.h>               /* abused for sync() */
+#include <kern/clock.h>                 /* for delay_for_interval() */
+#include <libkern/OSAtomic.h>
+#include <IOKit/IOPlatformExpert.h>
+
+#include <sys/kdebug.h>
+
+uint32_t system_inshutdown = 0;
+
+/* XXX should be in a header file somewhere, but isn't */
+extern void (*unmountroot_pre_hook)(void);
+
+unsigned int proc_shutdown_exitcount = 0;
+
+static int  sd_openlog(vfs_context_t);
+static int  sd_closelog(vfs_context_t);
+static void sd_log(vfs_context_t, const char *, ...);
+static void proc_shutdown(void);
+static void zprint_panic_info(void);
+extern void halt_log_enter(const char * what, const void * pc, uint64_t time);
+
+#if DEVELOPMENT || DEBUG
+extern boolean_t kdp_has_polled_corefile(void);
+#endif /* DEVELOPMENT || DEBUG */
+
+struct sd_filterargs {
+       int delayterm;
+       int shutdownstate;
+};
 
-void
-boot(paniced, howto, command)
-       int paniced, howto;
-       char *command;
+
+struct sd_iterargs {
+       int signo;              /* the signal to be posted */
+       int setsdstate;         /* shutdown state to be set */
+       int countproc;          /* count processes on action */
+       int activecount;        /* number of processes on which action was done */
+};
+
+static vnode_t sd_logvp = NULLVP;
+static off_t sd_log_offset = 0;
+
+
+static int sd_filt1(proc_t, void *);
+static int sd_filt2(proc_t, void *);
+static int sd_callback1(proc_t p, void * arg);
+static int sd_callback2(proc_t p, void * arg);
+static int sd_callback3(proc_t p, void * arg);
+
+extern boolean_t panic_include_zprint;
+extern mach_memory_info_t *panic_kext_memory_info;
+extern vm_size_t panic_kext_memory_size;
+
+static void
+zprint_panic_info(void)
 {
-       register int i;
-       int s;
-       struct proc *p = current_proc();        /* XXX */
-       int hostboot_option=0;
-       int funnel_state;
+       unsigned int  num_sites;
+       kern_return_t kr;
+
+       panic_include_zprint = TRUE;
+       panic_kext_memory_info = NULL;
+       panic_kext_memory_size = 0;
 
-       static void proc_shutdown();
-    extern void md_prepare_for_shutdown(int paniced, int howto, char * command);
+       num_sites = vm_page_diagnose_estimate();
+       panic_kext_memory_size = num_sites * sizeof(panic_kext_memory_info[0]);
 
-       funnel_state = thread_funnel_set(kernel_flock, TRUE);
+       kr = kmem_alloc(kernel_map, (vm_offset_t *)&panic_kext_memory_info, round_page(panic_kext_memory_size), VM_KERN_MEMORY_OSFMK);
+       if (kr != KERN_SUCCESS) {
+               panic_kext_memory_info = NULL;
+               return;
+       }
+
+       vm_page_diagnose(panic_kext_memory_info, num_sites, 0);
+}
 
-       md_prepare_for_shutdown(paniced, howto, command);
+int
+get_system_inshutdown()
+{
+       return system_inshutdown;
+}
+
+__abortlike
+static void
+panic_kernel(int howto, char *message)
+{
+       if ((howto & RB_PANIC_ZPRINT) == RB_PANIC_ZPRINT) {
+               zprint_panic_info();
+       }
+       panic("userspace panic: %s", message);
+}
+
+extern boolean_t compressor_store_stop_compaction;
+extern lck_mtx_t vm_swap_data_lock;
+extern int vm_swapfile_create_thread_running;
+extern int vm_swapfile_gc_thread_running;
+
+int
+reboot_kernel(int howto, char *message)
+{
+       int hostboot_option = 0;
+       uint64_t startTime;
+
+       if ((howto & (RB_PANIC | RB_QUICK)) == (RB_PANIC | RB_QUICK)) {
+               panic_kernel(howto, message);
+       }
+
+       if (!OSCompareAndSwap(0, 1, &system_inshutdown)) {
+               if ((howto & RB_QUICK) == RB_QUICK) {
+                       goto force_reboot;
+               }
+               return EBUSY;
+       }
+
+       lck_mtx_lock(&vm_swap_data_lock);
+
+       /* Turn OFF future swapfile reclaimation / compaction etc.*/
+       compressor_store_stop_compaction = TRUE;
+
+       /* wait for any current swapfile work to end */
+       while (vm_swapfile_create_thread_running || vm_swapfile_gc_thread_running) {
+               assert_wait((event_t)&compressor_store_stop_compaction, THREAD_UNINT);
+
+               lck_mtx_unlock(&vm_swap_data_lock);
+
+               thread_block(THREAD_CONTINUE_NULL);
+
+               lck_mtx_lock(&vm_swap_data_lock);
+       }
 
-       if ((howto&RB_NOSYNC)==0 && waittime < 0) {
+       lck_mtx_unlock(&vm_swap_data_lock);
+
+       /*
+        * Notify the power management root domain that the system will shut down.
+        */
+       IOSystemShutdownNotification(kIOSystemShutdownNotificationStageProcessExit);
+
+       if ((howto & RB_QUICK) == RB_QUICK) {
+               printf("Quick reboot...\n");
+               if ((howto & RB_NOSYNC) == 0) {
+                       sync((proc_t)NULL, (void *)NULL, (int *)NULL);
+               }
+       } else if ((howto & RB_NOSYNC) == 0) {
                int iter, nbusy;
 
-               waittime = 0;
-               
                printf("syncing disks... ");
 
                /*
                 * Release vnodes held by texts before sync.
                 */
 
-               /* handle live procs (deallocate their root and current directories). */                
+               /* handle live procs (deallocate their root and current directories), suspend initproc */
+
+               startTime = mach_absolute_time();
                proc_shutdown();
+               halt_log_enter("proc_shutdown", 0, mach_absolute_time() - startTime);
 
-               sync(p, (void *)NULL, (int *)NULL);
+#if CONFIG_AUDIT
+               startTime = mach_absolute_time();
+               audit_shutdown();
+               halt_log_enter("audit_shutdown", 0, mach_absolute_time() - startTime);
+#endif
 
-               /* Release vnodes from the VM object cache */    
-               ubc_unmountall();
+               if (unmountroot_pre_hook != NULL) {
+                       unmountroot_pre_hook();
+               }
+
+               startTime = mach_absolute_time();
+               sync((proc_t)NULL, (void *)NULL, (int *)NULL);
 
-               IOSleep( 1 * 1000 );
+               if (kdebug_enable) {
+                       startTime = mach_absolute_time();
+                       kdbg_dump_trace_to_file("/var/log/shutdown/shutdown.trace");
+                       halt_log_enter("shutdown.trace", 0, mach_absolute_time() - startTime);
+               }
+
+               IOSystemShutdownNotification(kIOSystemShutdownNotificationStageRootUnmount);
 
                /*
                 * Unmount filesystems
                 */
-               if (panicstr == 0)
+
+#if DEVELOPMENT || DEBUG
+               if (!(howto & RB_PANIC) || !kdp_has_polled_corefile())
+#endif /* DEVELOPMENT || DEBUG */
+               {
+                       startTime = mach_absolute_time();
                        vfs_unmountall();
+                       halt_log_enter("vfs_unmountall", 0, mach_absolute_time() - startTime);
+               }
 
                /* Wait for the buffer cache to clean remaining dirty buffers */
-               for (iter = 0; iter < 20; iter++) {
+               startTime = mach_absolute_time();
+               for (iter = 0; iter < 100; iter++) {
                        nbusy = count_busy_buffers();
-                       if (nbusy == 0)
+                       if (nbusy == 0) {
                                break;
+                       }
                        printf("%d ", nbusy);
-                       IOSleep( 4 * nbusy );
+                       delay_for_interval( 1 * nbusy, 1000 * 1000);
                }
-               if (nbusy)
+               if (nbusy) {
                        printf("giving up\n");
-               else
+               } else {
                        printf("done\n");
+               }
+               halt_log_enter("bufferclean", 0, mach_absolute_time() - startTime);
        }
-
+#if NETWORKING
        /*
         * Can't just use an splnet() here to disable the network
         * because that will lock out softints which the disk
         * drivers depend on to finish DMAs.
         */
+       startTime = mach_absolute_time();
        if_down_all();
+       halt_log_enter("if_down_all", 0, mach_absolute_time() - startTime);
+#endif /* NETWORKING */
 
-       if (howto & RB_POWERDOWN)
-               hostboot_option = HOST_REBOOT_HALT;
-       if (howto & RB_HALT)
-               hostboot_option = HOST_REBOOT_HALT;
-       if (paniced == RB_PANIC)
+force_reboot:
+
+       if (howto & RB_PANIC) {
+               panic_kernel(howto, message);
+       }
+
+       if (howto & RB_HALT) {
                hostboot_option = HOST_REBOOT_HALT;
+       }
 
-       if (hostboot_option == HOST_REBOOT_HALT)
-               IOSleep( 1 * 1000 );
+       if (howto & RB_UPSDELAY) {
+               hostboot_option = HOST_REBOOT_UPSDELAY;
+       }
 
        host_reboot(host_priv_self(), hostboot_option);
+       /*
+        * should not be reached
+        */
+       return 0;
+}
+
+static int
+sd_openlog(vfs_context_t ctx)
+{
+       int error = 0;
+       struct timeval tv;
+
+       /* Open shutdown log */
+       if ((error = vnode_open(PROC_SHUTDOWN_LOG, (O_CREAT | FWRITE | O_NOFOLLOW), 0644, 0, &sd_logvp, ctx))) {
+               printf("Failed to open %s: error %d\n", PROC_SHUTDOWN_LOG, error);
+               sd_logvp = NULLVP;
+               return error;
+       }
+
+       vnode_setsize(sd_logvp, (off_t)0, 0, ctx);
+
+       /* Write a little header */
+       microtime(&tv);
+       sd_log(ctx, "Process shutdown log.  Current time is %lu (in seconds).\n\n", tv.tv_sec);
+
+       return 0;
+}
 
-       thread_funnel_set(kernel_flock, FALSE);
+static int
+sd_closelog(vfs_context_t ctx)
+{
+       int error = 0;
+       if (sd_logvp != NULLVP) {
+               VNOP_FSYNC(sd_logvp, MNT_WAIT, ctx);
+               error = vnode_close(sd_logvp, FWRITE, ctx);
+       }
+
+       return error;
 }
 
+static void
+sd_log(vfs_context_t ctx, const char *fmt, ...)
+{
+       int resid, log_error, len;
+       char logbuf[100];
+       va_list arglist;
+
+       /* If the log isn't open yet, open it */
+       if (sd_logvp == NULLVP) {
+               if (sd_openlog(ctx) != 0) {
+                       /* Couldn't open, we fail out */
+                       return;
+               }
+       }
+
+       va_start(arglist, fmt);
+       len = vsnprintf(logbuf, sizeof(logbuf), fmt, arglist);
+       log_error = vn_rdwr(UIO_WRITE, sd_logvp, (caddr_t)logbuf, len, sd_log_offset,
+           UIO_SYSSPACE, IO_UNIT | IO_NOAUTH, vfs_context_ucred(ctx), &resid, vfs_context_proc(ctx));
+       if (log_error == EIO || log_error == 0) {
+               sd_log_offset += (len - resid);
+       }
+
+       va_end(arglist);
+}
+
+static int
+sd_filt1(proc_t p, void * args)
+{
+       proc_t self = current_proc();
+       struct sd_filterargs * sf = (struct sd_filterargs *)args;
+       int delayterm = sf->delayterm;
+       int shutdownstate = sf->shutdownstate;
+
+       if (((p->p_flag & P_SYSTEM) != 0) || (p->p_ppid == 0)
+           || (p == self) || (p->p_stat == SZOMB)
+           || (p->p_shutdownstate != shutdownstate)
+           || ((delayterm == 0) && ((p->p_lflag & P_LDELAYTERM) == P_LDELAYTERM))
+           || ((p->p_sigcatch & sigmask(SIGTERM)) == 0)) {
+               return 0;
+       } else {
+               return 1;
+       }
+}
+
+
+static int
+sd_callback1(proc_t p, void * args)
+{
+       struct sd_iterargs * sd = (struct sd_iterargs *)args;
+       int signo = sd->signo;
+       int setsdstate = sd->setsdstate;
+       int countproc = sd->countproc;
+
+       proc_lock(p);
+       p->p_shutdownstate = setsdstate;
+       if (p->p_stat != SZOMB) {
+               proc_unlock(p);
+               if (countproc != 0) {
+                       proc_list_lock();
+                       p->p_listflag |= P_LIST_EXITCOUNT;
+                       proc_shutdown_exitcount++;
+                       proc_list_unlock();
+               }
+
+               psignal(p, signo);
+               if (countproc != 0) {
+                       sd->activecount++;
+               }
+       } else {
+               proc_unlock(p);
+       }
+
+       return PROC_RETURNED;
+}
+
+static int
+sd_filt2(proc_t p, void * args)
+{
+       proc_t self = current_proc();
+       struct sd_filterargs * sf = (struct sd_filterargs *)args;
+       int delayterm = sf->delayterm;
+       int shutdownstate = sf->shutdownstate;
+
+       if (((p->p_flag & P_SYSTEM) != 0) || (p->p_ppid == 0)
+           || (p == self) || (p->p_stat == SZOMB)
+           || (p->p_shutdownstate == shutdownstate)
+           || ((delayterm == 0) && ((p->p_lflag & P_LDELAYTERM) == P_LDELAYTERM))) {
+               return 0;
+       } else {
+               return 1;
+       }
+}
+
+static int
+sd_callback2(proc_t p, void * args)
+{
+       struct sd_iterargs * sd = (struct sd_iterargs *)args;
+       int signo = sd->signo;
+       int setsdstate = sd->setsdstate;
+       int countproc = sd->countproc;
+
+       proc_lock(p);
+       p->p_shutdownstate = setsdstate;
+       if (p->p_stat != SZOMB) {
+               proc_unlock(p);
+               if (countproc != 0) {
+                       proc_list_lock();
+                       p->p_listflag |= P_LIST_EXITCOUNT;
+                       proc_shutdown_exitcount++;
+                       proc_list_unlock();
+               }
+               psignal(p, signo);
+               if (countproc != 0) {
+                       sd->activecount++;
+               }
+       } else {
+               proc_unlock(p);
+       }
+
+       return PROC_RETURNED;
+}
+
+static int
+sd_callback3(proc_t p, void * args)
+{
+       struct sd_iterargs * sd = (struct sd_iterargs *)args;
+       vfs_context_t ctx = vfs_context_current();
+
+       int setsdstate = sd->setsdstate;
+
+       proc_lock(p);
+       p->p_shutdownstate = setsdstate;
+       if (p->p_stat != SZOMB) {
+               /*
+                * NOTE: following code ignores sig_lock and plays
+                * with exit_thread correctly.  This is OK unless we
+                * are a multiprocessor, in which case I do not
+                * understand the sig_lock.  This needs to be fixed.
+                * XXX
+                */
+               if (p->exit_thread) {   /* someone already doing it */
+                       proc_unlock(p);
+                       /* give him a chance */
+                       thread_block(THREAD_CONTINUE_NULL);
+               } else {
+                       p->exit_thread = current_thread();
+                       printf(".");
+
+                       sd_log(ctx, "%s[%d] had to be forced closed with exit1().\n", p->p_comm, p->p_pid);
+
+                       proc_unlock(p);
+                       KERNEL_DEBUG_CONSTANT(BSDDBG_CODE(DBG_BSD_PROC, BSD_PROC_FRCEXIT) | DBG_FUNC_NONE,
+                           p->p_pid, 0, 1, 0, 0);
+                       sd->activecount++;
+                       exit1(p, 1, (int *)NULL);
+               }
+       } else {
+               proc_unlock(p);
+       }
+
+       return PROC_RETURNED;
+}
+
+
 /*
  * proc_shutdown()
  *
@@ -148,141 +510,186 @@ boot(paniced, howto, command)
  *
  * POSIX modifications:
  *
- *     For POSIX fcntl() file locking call vno_lockrelease() on 
+ *     For POSIX fcntl() file locking call vno_lockrelease() on
  *     the file to release all of its record locks, if any.
  */
 
 static void
-proc_shutdown()
+proc_shutdown(void)
 {
-       struct proc     *p, *self;
-       struct vnode    **cdirp, **rdirp, *vp;
-       int             restart, i, TERM_catch;
+       vfs_context_t ctx = vfs_context_current();
+       struct proc *p, *self;
+       int delayterm = 0;
+       struct sd_filterargs sfargs;
+       struct sd_iterargs sdargs;
+       int error = 0;
+       struct timespec ts;
 
        /*
         *      Kill as many procs as we can.  (Except ourself...)
         */
        self = (struct proc *)current_proc();
-       
-       /*
-        * Suspend /etc/init
-        */
-       p = pfind(1);
-       if (p && p != self)
-               task_suspend(p->task);          /* stop init */
 
        /*
-        * Suspend mach_init
+        * Signal the init with SIGTERM so that he does not launch
+        * new processes
         */
-       p = pfind(2);
-       if (p && p != self)
-               task_suspend(p->task);          /* stop mach_init */
+       p = proc_find(1);
+       if (p && p != self) {
+               psignal(p, SIGTERM);
+       }
+       proc_rele(p);
 
        printf("Killing all processes ");
 
+sigterm_loop:
        /*
         * send SIGTERM to those procs interested in catching one
         */
-       for (p = allproc.lh_first; p; p = p->p_list.le_next) {
-               if (((p->p_flag&P_SYSTEM) == 0) && (p->p_pptr->p_pid != 0) && (p != self)) {
-                       if (p->p_sigcatch & sigmask(SIGTERM))
-                               psignal(p, SIGTERM);
+       sfargs.delayterm = delayterm;
+       sfargs.shutdownstate = 0;
+       sdargs.signo = SIGTERM;
+       sdargs.setsdstate = 1;
+       sdargs.countproc = 1;
+       sdargs.activecount = 0;
+
+       error = 0;
+       /* post a SIGTERM to all that catch SIGTERM and not marked for delay */
+       proc_rebootscan(sd_callback1, (void *)&sdargs, sd_filt1, (void *)&sfargs);
+
+       if (sdargs.activecount != 0 && proc_shutdown_exitcount != 0) {
+               proc_list_lock();
+               if (proc_shutdown_exitcount != 0) {
+                       /*
+                        * now wait for up to 3 seconds to allow those procs catching SIGTERM
+                        * to digest it
+                        * as soon as these procs have exited, we'll continue on to the next step
+                        */
+                       ts.tv_sec = 3;
+                       ts.tv_nsec = 0;
+                       error = msleep(&proc_shutdown_exitcount, proc_list_mlock, PWAIT, "shutdownwait", &ts);
+                       if (error != 0) {
+                               for (p = allproc.lh_first; p; p = p->p_list.le_next) {
+                                       if ((p->p_listflag & P_LIST_EXITCOUNT) == P_LIST_EXITCOUNT) {
+                                               p->p_listflag &= ~P_LIST_EXITCOUNT;
+                                       }
+                               }
+                               for (p = zombproc.lh_first; p; p = p->p_list.le_next) {
+                                       if ((p->p_listflag & P_LIST_EXITCOUNT) == P_LIST_EXITCOUNT) {
+                                               p->p_listflag &= ~P_LIST_EXITCOUNT;
+                                       }
+                               }
+                       }
                }
+               proc_list_unlock();
        }
-       /*
-        * now wait for up to 30 seconds to allow those procs catching SIGTERM
-        * to digest it
-        * as soon as these procs have exited, we'll continue on to the next step
-        */
-       for (i = 0; i < 300; i++) {
-               /*
-                * sleep for a tenth of a second
-                * and then check to see if the tasks that were sent a
-                * SIGTERM have exited
+       if (error == ETIMEDOUT) {
+               /*
+                * log the names of the unresponsive tasks
                 */
-               IOSleep(100);   
-               TERM_catch = 0;
 
-               for (p = allproc.lh_first; p; p = p->p_list.le_next) {
-                       if (((p->p_flag&P_SYSTEM) == 0) && (p->p_pptr->p_pid != 0) && (p != self)) {
-                               if (p->p_sigcatch & sigmask(SIGTERM))
-                                       TERM_catch++;
+               proc_list_lock();
+
+               for (p = allproc.lh_first; p; p = p->p_list.le_next) {
+                       if (p->p_shutdownstate == 1) {
+                               printf("%s[%d]: didn't act on SIGTERM\n", p->p_comm, p->p_pid);
+                               sd_log(ctx, "%s[%d]: didn't act on SIGTERM\n", p->p_comm, p->p_pid);
                        }
                }
-               if (TERM_catch == 0)
-                       break;
+
+               proc_list_unlock();
        }
 
        /*
         * send a SIGKILL to all the procs still hanging around
         */
-       for (p = allproc.lh_first; p; p = p->p_list.le_next) {
-               if (((p->p_flag&P_SYSTEM) == 0) && (p->p_pptr->p_pid != 0) && (p != self))
-                       psignal(p, SIGKILL);
-       }
-       /*
-        * wait for up to 60 seconds to allow these procs to exit normally
-        */
-       for (i = 0; i < 300; i++) {
-               IOSleep(200);  /* double the time from 100 to 200 for NFS requests in particular */
+       sfargs.delayterm = delayterm;
+       sfargs.shutdownstate = 2;
+       sdargs.signo = SIGKILL;
+       sdargs.setsdstate = 2;
+       sdargs.countproc = 1;
+       sdargs.activecount = 0;
 
-               for (p = allproc.lh_first; p; p = p->p_list.le_next) {
-                       if (((p->p_flag&P_SYSTEM) == 0) && (p->p_pptr->p_pid != 0) && (p != self))
-                               break;
-               }
-               if (!p)
-                       break;
-       }
+       /* post a SIGKILL to all that catch SIGTERM and not marked for delay */
+       proc_rebootscan(sd_callback2, (void *)&sdargs, sd_filt2, (void *)&sfargs);
 
-       /*
-        * if we still have procs that haven't exited, then brute force 'em
-        */
-       p = allproc.lh_first;
-       while (p) {
-               if ((p->p_flag&P_SYSTEM) || (p->p_pptr->p_pid == 0) || (p == self)) {
-                       p = p->p_list.le_next;
-               }
-               else {
-                       /*
-                        * NOTE: following code ignores sig_lock and plays
-                        * with exit_thread correctly.  This is OK unless we
-                        * are a multiprocessor, in which case I do not
-                        * understand the sig_lock.  This needs to be fixed.
-                        * XXX
+       error = 0;
+
+       if (sdargs.activecount != 0 && proc_shutdown_exitcount != 0) {
+               proc_list_lock();
+               if (proc_shutdown_exitcount != 0) {
+                       /*
+                        * wait for up to 60 seconds to allow these procs to exit normally
+                        *
+                        * History:     The delay interval was changed from 100 to 200
+                        *              for NFS requests in particular.
                         */
-                       if (p->exit_thread) {   /* someone already doing it */
-                               thread_block(0);/* give him a chance */
+                       ts.tv_sec = 10;
+                       ts.tv_nsec = 0;
+                       error = msleep(&proc_shutdown_exitcount, proc_list_mlock, PWAIT, "shutdownwait", &ts);
+                       if (error != 0) {
+                               for (p = allproc.lh_first; p; p = p->p_list.le_next) {
+                                       if ((p->p_listflag & P_LIST_EXITCOUNT) == P_LIST_EXITCOUNT) {
+                                               p->p_listflag &= ~P_LIST_EXITCOUNT;
+                                       }
+                               }
+                               for (p = zombproc.lh_first; p; p = p->p_list.le_next) {
+                                       if ((p->p_listflag & P_LIST_EXITCOUNT) == P_LIST_EXITCOUNT) {
+                                               p->p_listflag &= ~P_LIST_EXITCOUNT;
+                                       }
+                               }
                        }
-                       else {
-                               p->exit_thread = current_thread();
-                               printf(".");
-                               exit1(p, 1, (int *)NULL);
+               }
+               proc_list_unlock();
+       }
+
+       if (error == ETIMEDOUT) {
+               /*
+                * log the names of the unresponsive tasks
+                */
+
+               proc_list_lock();
+
+               for (p = allproc.lh_first; p; p = p->p_list.le_next) {
+                       if (p->p_shutdownstate == 2) {
+                               printf("%s[%d]: didn't act on SIGKILL\n", p->p_comm, p->p_pid);
+                               sd_log(ctx, "%s[%d]: didn't act on SIGKILL\n", p->p_comm, p->p_pid);
                        }
-                       p = allproc.lh_first;
                }
+
+               proc_list_unlock();
        }
-       printf("\n");
-       /*
-        *      Forcibly free resources of what's left.
-        */
-       p = allproc.lh_first;
-       while (p) {
+
        /*
-        * Close open files and release open-file table.
-        * This may block!
+        * if we still have procs that haven't exited, then brute force 'em
         */
-#ifdef notyet
-       /* panics on reboot due to "zfree: non-allocated memory in collectable zone" message */
-       fdfree(p);
-#endif /* notyet */
-       p = p->p_list.le_next;
+       sfargs.delayterm = delayterm;
+       sfargs.shutdownstate = 3;
+       sdargs.signo = 0;
+       sdargs.setsdstate = 3;
+       sdargs.countproc = 0;
+       sdargs.activecount = 0;
+
+
+
+       /* post a SIGTERM to all that catch SIGTERM and not marked for delay */
+       proc_rebootscan(sd_callback3, (void *)&sdargs, sd_filt2, (void *)&sfargs);
+       printf("\n");
+
+       /* Now start the termination of processes that are marked for delayed termn */
+       if (delayterm == 0) {
+               delayterm = 1;
+               goto  sigterm_loop;
        }
-       /* Wait for the reaper thread to run, and clean up what we have done 
-        * before we proceed with the hardcore shutdown. This reduces the race
-        * between kill_tasks and the reaper thread.
+
+       sd_closelog(ctx);
+
+       /*
+        * Now that all other processes have been terminated, suspend init
         */
-       /* thread_wakeup(&reaper_queue); */
-       /*      IOSleep( 1 * 1000);      */
+       task_suspend_internal(initproc->task);
+
+       /* drop the ref on initproc */
+       proc_rele(initproc);
        printf("continuing\n");
 }
-