blob: 4a6e33e1af61e8ed2562c4f9f8870eefc1bc9f13
1 | =============================================================== |
2 | Softlockup detector and hardlockup detector (aka nmi_watchdog) |
3 | =============================================================== |
4 | |
5 | The Linux kernel can act as a watchdog to detect both soft and hard |
6 | lockups. |
7 | |
8 | A 'softlockup' is defined as a bug that causes the kernel to loop in |
9 | kernel mode for more than 20 seconds (see "Implementation" below for |
10 | details), without giving other tasks a chance to run. The current |
11 | stack trace is displayed upon detection and, by default, the system |
12 | will stay locked up. Alternatively, the kernel can be configured to |
13 | panic; a sysctl, "kernel.softlockup_panic", a kernel parameter, |
14 | "softlockup_panic" (see "Documentation/kernel-parameters.txt" for |
15 | details), and a compile option, "BOOTPARAM_SOFTLOCKUP_PANIC", are |
16 | provided for this. |
17 | |
18 | A 'hardlockup' is defined as a bug that causes the CPU to loop in |
19 | kernel mode for more than 10 seconds (see "Implementation" below for |
20 | details), without letting other interrupts have a chance to run. |
21 | Similarly to the softlockup case, the current stack trace is displayed |
22 | upon detection and the system will stay locked up unless the default |
23 | behavior is changed, which can be done through a sysctl, |
24 | 'hardlockup_panic', a compile time knob, "BOOTPARAM_HARDLOCKUP_PANIC", |
25 | and a kernel parameter, "nmi_watchdog" |
26 | (see "Documentation/kernel-parameters.txt" for details). |
27 | |
28 | The panic option can be used in combination with panic_timeout (this |
29 | timeout is set through the confusingly named "kernel.panic" sysctl), |
30 | to cause the system to reboot automatically after a specified amount |
31 | of time. |
32 | |
33 | === Implementation === |
34 | |
35 | The soft and hard lockup detectors are built on top of the hrtimer and |
36 | perf subsystems, respectively. A direct consequence of this is that, |
37 | in principle, they should work in any architecture where these |
38 | subsystems are present. |
39 | |
40 | A periodic hrtimer runs to generate interrupts and kick the watchdog |
41 | task. An NMI perf event is generated every "watchdog_thresh" |
42 | (compile-time initialized to 10 and configurable through sysctl of the |
43 | same name) seconds to check for hardlockups. If any CPU in the system |
44 | does not receive any hrtimer interrupt during that time the |
45 | 'hardlockup detector' (the handler for the NMI perf event) will |
46 | generate a kernel warning or call panic, depending on the |
47 | configuration. |
48 | |
49 | The watchdog task is a high priority kernel thread that updates a |
50 | timestamp every time it is scheduled. If that timestamp is not updated |
51 | for 2*watchdog_thresh seconds (the softlockup threshold) the |
52 | 'softlockup detector' (coded inside the hrtimer callback function) |
53 | will dump useful debug information to the system log, after which it |
54 | will call panic if it was instructed to do so or resume execution of |
55 | other kernel code. |
56 | |
57 | The period of the hrtimer is 2*watchdog_thresh/5, which means it has |
58 | two or three chances to generate an interrupt before the hardlockup |
59 | detector kicks in. |
60 | |
61 | As explained above, a kernel knob is provided that allows |
62 | administrators to configure the period of the hrtimer and the perf |
63 | event. The right value for a particular environment is a trade-off |
64 | between fast response to lockups and detection overhead. |
65 | |
66 | By default, the watchdog runs on all online cores. However, on a |
67 | kernel configured with NO_HZ_FULL, by default the watchdog runs only |
68 | on the housekeeping cores, not the cores specified in the "nohz_full" |
69 | boot argument. If we allowed the watchdog to run by default on |
70 | the "nohz_full" cores, we would have to run timer ticks to activate |
71 | the scheduler, which would prevent the "nohz_full" functionality |
72 | from protecting the user code on those cores from the kernel. |
73 | Of course, disabling it by default on the nohz_full cores means that |
74 | when those cores do enter the kernel, by default we will not be |
75 | able to detect if they lock up. However, allowing the watchdog |
76 | to continue to run on the housekeeping (non-tickless) cores means |
77 | that we will continue to detect lockups properly on those cores. |
78 | |
79 | In either case, the set of cores excluded from running the watchdog |
80 | may be adjusted via the kernel.watchdog_cpumask sysctl. For |
81 | nohz_full cores, this may be useful for debugging a case where the |
82 | kernel seems to be hanging on the nohz_full cores. |
83 |