diff options
author | avg <avg@FreeBSD.org> | 2011-12-11 21:02:01 +0000 |
---|---|---|
committer | avg <avg@FreeBSD.org> | 2011-12-11 21:02:01 +0000 |
commit | 75ddaeae802cb467ed6abb2bd33cdb33dfd34068 (patch) | |
tree | 56c7a4a1cbf236bc73c2bcadee83d2a80f84aa18 /sys/kern/subr_witness.c | |
parent | 966190317663bb888ac1921039bc6ab70ae57358 (diff) | |
download | FreeBSD-src-75ddaeae802cb467ed6abb2bd33cdb33dfd34068.zip FreeBSD-src-75ddaeae802cb467ed6abb2bd33cdb33dfd34068.tar.gz |
panic: add a switch and infrastructure for stopping other CPUs in SMP case
Historical behavior of letting other CPUs merily go on is a default for
time being. The new behavior can be switched on via
kern.stop_scheduler_on_panic tunable and sysctl.
Stopping of the CPUs has (at least) the following benefits:
- more of the system state at panic time is preserved intact
- threads and interrupts do not interfere with dumping of the system
state
Only one thread runs uninterrupted after panic if stop_scheduler_on_panic
is set. That thread might call code that is also used in normal context
and that code might use locks to prevent concurrent execution of certain
parts. Those locks might be held by the stopped threads and would never
be released. To work around this issue, it was decided that instead of
explicit checks for panic context, we would rather put those checks
inside the locking primitives.
This change has substantial portions written and re-written by attilio
and kib at various times. Other changes are heavily based on the ideas
and patches submitted by jhb and mdf. bde has provided many insights
into the details and history of the current code.
The new behavior may cause problems for systems that use a USB keyboard
for interfacing with system console. This is because of some unusual
locking patterns in the ukbd code which have to be used because on one
hand ukbd is below syscons, but on the other hand it has to interface
with other usb code that uses regular mutexes/Giant for its concurrency
protection. Dumping to USB-connected disks may also be affected.
PR: amd64/139614 (at least)
In cooperation with: attilio, jhb, kib, mdf
Discussed with: arch@, bde
Tested by: Eugene Grosbein <eugen@grosbein.net>,
gnn,
Steven Hartland <killing@multiplay.co.uk>,
glebius,
Andrew Boyer <aboyer@averesystems.com>
(various versions of the patch)
MFC after: 3 months (or never)
Diffstat (limited to 'sys/kern/subr_witness.c')
-rw-r--r-- | sys/kern/subr_witness.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/sys/kern/subr_witness.c b/sys/kern/subr_witness.c index bbf9a97..55cb2d7 100644 --- a/sys/kern/subr_witness.c +++ b/sys/kern/subr_witness.c @@ -2162,6 +2162,13 @@ witness_save(struct lock_object *lock, const char **filep, int *linep) struct lock_instance *instance; struct lock_class *class; + /* + * This function is used independently in locking code to deal with + * Giant, SCHEDULER_STOPPED() check can be removed here after Giant + * is gone. + */ + if (SCHEDULER_STOPPED()) + return; KASSERT(witness_cold == 0, ("%s: witness_cold", __func__)); if (lock->lo_witness == NULL || witness_watch == -1 || panicstr != NULL) return; @@ -2188,6 +2195,13 @@ witness_restore(struct lock_object *lock, const char *file, int line) struct lock_instance *instance; struct lock_class *class; + /* + * This function is used independently in locking code to deal with + * Giant, SCHEDULER_STOPPED() check can be removed here after Giant + * is gone. + */ + if (SCHEDULER_STOPPED()) + return; KASSERT(witness_cold == 0, ("%s: witness_cold", __func__)); if (lock->lo_witness == NULL || witness_watch == -1 || panicstr != NULL) return; |