On Mon, Oct 04, 2021 at 10:17:56AM -0300, Jason Gunthorpe wrote:
> Shutdown is supposed to quiet the HW so it is not doing DMAs any more. This is basically an 'emergency' kind of path, the HW should be violently stopped if available - ie clearing the bus master bits on PCI, for instance.
> When something like kexec happens we need the machine to be in a state where random DMAs are not corrupting memory.

That's all well and good but there's no point in implementing something half baked that's opening up a whole bunch of opportunities to crash the system if more work comes in after it's half broken the device setup.

> Due to the emergency sort of nature it is not appropriate to do locking complicated sorts of things like struct device unregistrations here.

That's just not what's actually implemented in a bunch of places, nor something one would infer from the documentation ("Called at shut-down to quiesce the device", no mention of emergency cases which I'd guess would just be kdump) - there's a bunch of locks in shutdown paths, and drivers on sleeping buses with shutdown callbacks. Never mind the few of them that use a shutdown callback to power the system down, though that's a different thing and definitely abusing the API. I would guess that a good proportion of people implementing it are more worried about clean system shutdown than they are about kdump.