Fernando Luis Vázquez Cao | 9919cba | 2012-02-09 17:42:20 -0500 | [diff] [blame^] | 1 | =============================================================== |
| 2 | Softlockup detector and hardlockup detector (aka nmi_watchdog) |
| 3 | =============================================================== |
| 4 | |
| 5 | The Linux kernel can act as a watchdog to detect both soft and hard |
| 6 | lockups. |
| 7 | |
| 8 | A 'softlockup' is defined as a bug that causes the kernel to loop in |
| 9 | kernel mode for more than 20 seconds (see "Implementation" below for |
| 10 | details), without giving other tasks a chance to run. The current |
| 11 | stack trace is displayed upon detection and, by default, the system |
| 12 | will stay locked up. Alternatively, the kernel can be configured to |
| 13 | panic; a sysctl, "kernel.softlockup_panic", a kernel parameter, |
| 14 | "softlockup_panic" (see "Documentation/kernel-parameters.txt" for |
| 15 | details), and a compile option, "BOOTPARAM_HARDLOCKUP_PANIC", are |
| 16 | provided for this. |
| 17 | |
| 18 | A 'hardlockup' is defined as a bug that causes the CPU to loop in |
| 19 | kernel mode for more than 10 seconds (see "Implementation" below for |
| 20 | details), without letting other interrupts have a chance to run. |
| 21 | Similarly to the softlockup case, the current stack trace is displayed |
| 22 | upon detection and the system will stay locked up unless the default |
| 23 | behavior is changed, which can be done through a compile time knob, |
| 24 | "BOOTPARAM_HARDLOCKUP_PANIC", and a kernel parameter, "nmi_watchdog" |
| 25 | (see "Documentation/kernel-parameters.txt" for details). |
| 26 | |
| 27 | The panic option can be used in combination with panic_timeout (this |
| 28 | timeout is set through the confusingly named "kernel.panic" sysctl), |
| 29 | to cause the system to reboot automatically after a specified amount |
| 30 | of time. |
| 31 | |
| 32 | === Implementation === |
| 33 | |
| 34 | The soft and hard lockup detectors are built on top of the hrtimer and |
| 35 | perf subsystems, respectively. A direct consequence of this is that, |
| 36 | in principle, they should work in any architecture where these |
| 37 | subsystems are present. |
| 38 | |
| 39 | A periodic hrtimer runs to generate interrupts and kick the watchdog |
| 40 | task. An NMI perf event is generated every "watchdog_thresh" |
| 41 | (compile-time initialized to 10 and configurable through sysctl of the |
| 42 | same name) seconds to check for hardlockups. If any CPU in the system |
| 43 | does not receive any hrtimer interrupt during that time the |
| 44 | 'hardlockup detector' (the handler for the NMI perf event) will |
| 45 | generate a kernel warning or call panic, depending on the |
| 46 | configuration. |
| 47 | |
| 48 | The watchdog task is a high priority kernel thread that updates a |
| 49 | timestamp every time it is scheduled. If that timestamp is not updated |
| 50 | for 2*watchdog_thresh seconds (the softlockup threshold) the |
| 51 | 'softlockup detector' (coded inside the hrtimer callback function) |
| 52 | will dump useful debug information to the system log, after which it |
| 53 | will call panic if it was instructed to do so or resume execution of |
| 54 | other kernel code. |
| 55 | |
| 56 | The period of the hrtimer is 2*watchdog_thresh/5, which means it has |
| 57 | two or three chances to generate an interrupt before the hardlockup |
| 58 | detector kicks in. |
| 59 | |
| 60 | As explained above, a kernel knob is provided that allows |
| 61 | administrators to configure the period of the hrtimer and the perf |
| 62 | event. The right value for a particular environment is a trade-off |
| 63 | between fast response to lockups and detection overhead. |