aboutsummaryrefslogtreecommitdiff
path: root/sys/sys
diff options
context:
space:
mode:
authorAndriy Gapon <avg@FreeBSD.org>2011-12-11 21:02:01 +0000
committerAndriy Gapon <avg@FreeBSD.org>2011-12-11 21:02:01 +0000
commit353705930f6982077f267795ab3b8bd7ae201b06 (patch)
tree56c7a4a1cbf236bc73c2bcadee83d2a80f84aa18 /sys/sys
parent469743871ebe3727fffb18566c681baee0a281d6 (diff)
downloadsrc-353705930f6982077f267795ab3b8bd7ae201b06.tar.gz
src-353705930f6982077f267795ab3b8bd7ae201b06.zip
panic: add a switch and infrastructure for stopping other CPUs in SMP case
Historical behavior of letting other CPUs merily go on is a default for time being. The new behavior can be switched on via kern.stop_scheduler_on_panic tunable and sysctl. Stopping of the CPUs has (at least) the following benefits: - more of the system state at panic time is preserved intact - threads and interrupts do not interfere with dumping of the system state Only one thread runs uninterrupted after panic if stop_scheduler_on_panic is set. That thread might call code that is also used in normal context and that code might use locks to prevent concurrent execution of certain parts. Those locks might be held by the stopped threads and would never be released. To work around this issue, it was decided that instead of explicit checks for panic context, we would rather put those checks inside the locking primitives. This change has substantial portions written and re-written by attilio and kib at various times. Other changes are heavily based on the ideas and patches submitted by jhb and mdf. bde has provided many insights into the details and history of the current code. The new behavior may cause problems for systems that use a USB keyboard for interfacing with system console. This is because of some unusual locking patterns in the ukbd code which have to be used because on one hand ukbd is below syscons, but on the other hand it has to interface with other usb code that uses regular mutexes/Giant for its concurrency protection. Dumping to USB-connected disks may also be affected. PR: amd64/139614 (at least) In cooperation with: attilio, jhb, kib, mdf Discussed with: arch@, bde Tested by: Eugene Grosbein <eugen@grosbein.net>, gnn, Steven Hartland <killing@multiplay.co.uk>, glebius, Andrew Boyer <aboyer@averesystems.com> (various versions of the patch) MFC after: 3 months (or never)
Notes
Notes: svn path=/head/; revision=228424
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/lockstat.h19
-rw-r--r--sys/sys/mutex.h3
-rw-r--r--sys/sys/systm.h9
3 files changed, 24 insertions, 7 deletions
diff --git a/sys/sys/lockstat.h b/sys/sys/lockstat.h
index ed9cffa92b62..bdfb475cfc0e 100644
--- a/sys/sys/lockstat.h
+++ b/sys/sys/lockstat.h
@@ -185,17 +185,24 @@ extern uint64_t lockstat_nsecs(void);
#define LOCKSTAT_PROFILE_OBTAIN_LOCK_SUCCESS(probe, lp, c, wt, f, l) do { \
uint32_t id; \
\
- lock_profile_obtain_lock_success(&(lp)->lock_object, c, wt, f, l); \
- if ((id = lockstat_probemap[(probe)])) \
- (*lockstat_probe_func)(id, (uintptr_t)(lp), 0, 0, 0, 0); \
+ if (!SCHEDULER_STOPPED()) { \
+ lock_profile_obtain_lock_success(&(lp)->lock_object, c, wt, \
+ f, l); \
+ if ((id = lockstat_probemap[(probe)])) \
+ (*lockstat_probe_func)(id, (uintptr_t)(lp), 0, 0, \
+ 0, 0); \
+ } \
} while (0)
#define LOCKSTAT_PROFILE_RELEASE_LOCK(probe, lp) do { \
uint32_t id; \
\
- lock_profile_release_lock(&(lp)->lock_object); \
- if ((id = lockstat_probemap[(probe)])) \
- (*lockstat_probe_func)(id, (uintptr_t)(lp), 0, 0, 0, 0); \
+ if (!SCHEDULER_STOPPED()) { \
+ lock_profile_release_lock(&(lp)->lock_object); \
+ if ((id = lockstat_probemap[(probe)])) \
+ (*lockstat_probe_func)(id, (uintptr_t)(lp), 0, 0, \
+ 0, 0); \
+ } \
} while (0)
#else /* !KDTRACE_HOOKS */
diff --git a/sys/sys/mutex.h b/sys/sys/mutex.h
index 1e88e106d8bf..d39df0f78b3e 100644
--- a/sys/sys/mutex.h
+++ b/sys/sys/mutex.h
@@ -370,7 +370,8 @@ do { \
\
if (mtx_owned(&Giant)) { \
WITNESS_SAVE(&Giant.lock_object, Giant); \
- for (_giantcnt = 0; mtx_owned(&Giant); _giantcnt++) \
+ for (_giantcnt = 0; mtx_owned(&Giant) && \
+ !SCHEDULER_STOPPED(); _giantcnt++) \
mtx_unlock(&Giant); \
}
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 7e537ee4a082..bf8ab3ba9d17 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -47,6 +47,7 @@
extern int cold; /* nonzero if we are doing a cold boot */
extern int rebooting; /* kern_reboot() has been called. */
+extern int stop_scheduler; /* only one thread runs after panic */
extern const char *panicstr; /* panic message */
extern char version[]; /* system version */
extern char copyright[]; /* system copyright */
@@ -109,6 +110,14 @@ enum VM_GUEST { VM_GUEST_NO = 0, VM_GUEST_VM, VM_GUEST_XEN };
((uintptr_t)&(var) & (sizeof(void *) - 1)) == 0, msg)
/*
+ * If we have already panic'd and this is the thread that called
+ * panic(), then don't block on any mutexes but silently succeed.
+ * Otherwise, the kernel will deadlock since the scheduler isn't
+ * going to run the thread that holds any lock we need.
+ */
+#define SCHEDULER_STOPPED() __predict_false(stop_scheduler)
+
+/*
* XXX the hints declarations are even more misplaced than most declarations
* in this file, since they are needed in one file (per arch) and only used
* in two files.