freebsd-dev/share/man/man4/witness.4

.\" Copyright (c) 2001 John H. Baldwin <jhb@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd February 18, 2001
.Dt WITNESS 4
.Os
.Sh NAME
.Nm witness
.Nd lock validation facility
.Sh SYNOPSIS
.Cd options WITNESS
.Cd options WITNESS_KDB
.Cd options WITNESS_SKIPSPIN
.Sh DESCRIPTION
The
.Nm
module keeps track of the locks acquired and released by each thread.
It also keeps track of the order in which locks are acquired with respect
to each other.
Each time a lock is acquired,
.Nm
uses these two lists to verify that a lock is not being acquired in the
wrong order.
If a lock order violation is detected, then a message is output to the
kernel console detailing the locks involved and the locations in question.
Witness can also be configured to drop into the kernel debugger when an order
violation occurs.
.Pp
The
.Nm
code also checks various other conditions such as verifying that one
does not recurse on a non-recursive lock.
For sleep locks,
.Nm
verifies that a new process would not be switched to when a lock is released
or a lock is blocked on during an acquire while any spin locks are held.
If any of these checks fail, then the kernel will panic.
.Pp
The flag that controls whether or not the kernel debugger is entered when a
lock order violation is detected can be set in a variety of ways.
By default, the flag is off, but if the
.Dv WITNESS_KDB
kernel option is
specified, then the flag will default to on.
It can also be set from the
.Xr loader 8
via the
.Va debug.witness.kdb
environment variable or after the kernel has booted via the
.Va debug.witness.kdb
sysctl.
If the flag is set to zero, then the debugger will not be entered.
If the flag is non-zero, then the debugger will be entered.
.Pp
The
.Nm
code can also be configured to skip all checks on spin mutexes.
By default, this flag defaults to off, but it can be turned on by
specifying the
.Dv WITNESS_SKIPSPIN
kernel option.
The flag can also be set via the
.Xr loader 8
environment variable
.Va debug.witness.skipspin .
If the variable is set to a non-zero value, then spin mutexes are skipped.
Once the kernel has booted, the status of this flag can be examined but not
set via the read-only sysctl
.Va debug.witness.skipspin .
.Pp
The sysctl
.Va debug.witness.watch
specifies the level of witness involvement in the system.
A value of 1 specifies that witness is enabled.
A value of 0 specifies that witness is disabled.
This sysctl can be written to in order to
disable witness, however it may not be used to enable witness.
The sysctl
.Va debug.witness.watch
can be set via
.Xr loader 8 .
.Pp
The
.Nm
code also provides two extra
.Xr ddb 4
commands if both
.Nm
and
.Xr ddb 4
are compiled into the kernel:
.Bl -ohang
.It Ic show locks
Outputs the list of locks held by the current thread to the kernel console
along with the filename and line number at which each lock was last acquired
by this thread.
.It Ic show witness
Dump the current order list to the kernel console.
The code first displays the lock order tree for all of the sleep locks.
Then it displays the lock order tree for all of the spin locks.
Finally, it displays a list of locks that have not yet been acquired.
.El
.Sh SEE ALSO
.Xr ddb 4 ,
.Xr loader 8 ,
.Xr sysctl 8 ,
.Xr mutex 9
.Sh HISTORY
The
.Nm
code first appeared in
.Bsx 5.0
and was imported from there into
.Fx 5.0 .
.Sh BUGS
The
.Nm
code currently does not handle recursion of shared
.Xr sx 9
locks properly.
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`.\" Copyright (c) 2001 John H. Baldwin <jhb@FreeBSD.org>`
			`.\" All rights reserved.`
			`.\"`
			`.\" Redistribution and use in source and binary forms, with or without`
			`.\" modification, are permitted provided that the following conditions`
			`.\" are met:`
			`.\" 1. Redistributions of source code must retain the above copyright`
			`.\" notice, this list of conditions and the following disclaimer.`
			`.\" 2. Redistributions in binary form must reproduce the above copyright`
			`.\" notice, this list of conditions and the following disclaimer in the`
			`.\" documentation and/or other materials provided with the distribution.`
			`.\"`
			.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
			`.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE`
			`.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE`
			`.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE`
			`.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL`
			`.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS`
			`.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)`
			`.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT`
			`.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
			`.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`.\" SUCH DAMAGE.`
			`.\"`
			`.\" $FreeBSD$`
			`.\"`
			`.Dd February 18, 2001`
			`.Dt WITNESS 4`
			`.Os`
			`.Sh NAME`
			`.Nm witness`
			`.Nd lock validation facility`
			`.Sh SYNOPSIS`
			`.Cd options WITNESS`
WITNESS_DDB is now called WITNESS_KDB. MFC after: 3 days 2004-11-26 13:54:56 +00:00			`.Cd options WITNESS_KDB`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`.Cd options WITNESS_SKIPSPIN`
			`.Sh DESCRIPTION`
			`The`
			`.Nm`
			`module keeps track of the locks acquired and released by each thread.`
			`It also keeps track of the order in which locks are acquired with respect`
			`to each other.`
			`Each time a lock is acquired,`
			`.Nm`
			`uses these two lists to verify that a lock is not being acquired in the`
			`wrong order.`
			`If a lock order violation is detected, then a message is output to the`
			`kernel console detailing the locks involved and the locations in question.`
			`Witness can also be configured to drop into the kernel debugger when an order`
			`violation occurs.`
			`.Pp`
			`The`
			`.Nm`
			`code also checks various other conditions such as verifying that one`
			`does not recurse on a non-recursive lock.`
			`For sleep locks,`
			`.Nm`
			`verifies that a new process would not be switched to when a lock is released`
			`or a lock is blocked on during an acquire while any spin locks are held.`
			`If any of these checks fail, then the kernel will panic.`
			`.Pp`
			`The flag that controls whether or not the kernel debugger is entered when a`
			`lock order violation is detected can be set in a variety of ways.`
mdoc(7) police: fix markup and spelling. 2001-04-04 11:51:59 +00:00			`By default, the flag is off, but if the`
WITNESS_DDB is now called WITNESS_KDB. MFC after: 3 days 2004-11-26 13:54:56 +00:00			`.Dv WITNESS_KDB`
mdoc(7) police: fix markup and spelling. 2001-04-04 11:51:59 +00:00			`kernel option is`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`specified, then the flag will default to on.`
			`It can also be set from the`
			`.Xr loader 8`
			`via the`
document the recent change to debug.witness.* fix spelling of debug.witness.kdb MFC after: 5 days 2004-09-06 23:37:17 +00:00			`.Va debug.witness.kdb`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`environment variable or after the kernel has booted via the`
document the recent change to debug.witness.* fix spelling of debug.witness.kdb MFC after: 5 days 2004-09-06 23:37:17 +00:00			`.Va debug.witness.kdb`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`sysctl.`
			`If the flag is set to zero, then the debugger will not be entered.`
			`If the flag is non-zero, then the debugger will be entered.`
			`.Pp`
			`The`
			`.Nm`
			`code can also be configured to skip all checks on spin mutexes.`
			`By default, this flag defaults to off, but it can be turned on by`
mdoc(7) police: fix markup and spelling. 2001-04-04 11:51:59 +00:00			`specifying the`
Use a plain .Dv for kernel option names rather than .Qq Dv to be consistent with other manpages. 2001-04-04 17:41:50 +00:00			`.Dv WITNESS_SKIPSPIN`
mdoc(7) police: fix markup and spelling. 2001-04-04 11:51:59 +00:00			`kernel option.`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`The flag can also be set via the`
			`.Xr loader 8`
			`environment variable`
document the recent change to debug.witness.* fix spelling of debug.witness.kdb MFC after: 5 days 2004-09-06 23:37:17 +00:00			`.Va debug.witness.skipspin .`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`If the variable is set to a non-zero value, then spin mutexes are skipped.`
			`Once the kernel has booted, the status of this flag can be examined but not`
			`set via the read-only sysctl`
document the recent change to debug.witness.* fix spelling of debug.witness.kdb MFC after: 5 days 2004-09-06 23:37:17 +00:00			`.Va debug.witness.skipspin .`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`.Pp`
Document the debug.witness.watch sysctl/tuneable. 2005-04-09 14:09:54 +00:00			`The sysctl`
			`.Va debug.witness.watch`
Fix all the spelling mistakes I could find in the man pages for words that have at least 3 characters. MFC after: 1 week Thanks to: Music band ``Chingon'' for keeping me company while searching for these. 2005-07-31 03:30:48 +00:00			`specifies the level of witness involvement in the system.`
Assorted markup fixes and minor wordsmithing. Approved by: re 2005-06-15 13:31:23 +00:00			`A value of 1 specifies that witness is enabled.`
			`A value of 0 specifies that witness is disabled.`
			`This sysctl can be written to in order to`
Document the debug.witness.watch sysctl/tuneable. 2005-04-09 14:09:54 +00:00			`disable witness, however it may not be used to enable witness.`
Don't start a sentence with an identifier. Add missing cross-references to SEE ALSO. X-MFC after: 6.0-RELEASE (not a big deal to bother re@) 2005-07-13 21:12:06 +00:00			`The sysctl`
Document the debug.witness.watch sysctl/tuneable. 2005-04-09 14:09:54 +00:00			`.Va debug.witness.watch`
			`can be set via`
			`.Xr loader 8 .`
			`.Pp`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`The`
			`.Nm`
			`code also provides two extra`
			`.Xr ddb 4`
			`commands if both`
			`.Nm`
			`and`
			`.Xr ddb 4`
			`are compiled into the kernel:`
			`.Bl -ohang`
			`.It Ic show locks`
			`Outputs the list of locks held by the current thread to the kernel console`
			`along with the filename and line number at which each lock was last acquired`
			`by this thread.`
			`.It Ic show witness`
			`Dump the current order list to the kernel console.`
			`The code first displays the lock order tree for all of the sleep locks.`
			`Then it displays the lock order tree for all of the spin locks.`
			`Finally, it displays a list of locks that have not yet been acquired.`
			`.El`
			`.Sh SEE ALSO`
			`.Xr ddb 4 ,`
Don't start a sentence with an identifier. Add missing cross-references to SEE ALSO. X-MFC after: 6.0-RELEASE (not a big deal to bother re@) 2005-07-13 21:12:06 +00:00			`.Xr loader 8 ,`
			`.Xr sysctl 8 ,`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`.Xr mutex 9`
			`.Sh HISTORY`
			`The`
			`.Nm`
			`code first appeared in`
mdoc(7) police: s;BSD/OS;.Bsx; where appropriate. 2001-08-13 17:07:40 +00:00			`.Bsx 5.0`
			`and was imported from there into`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`.Fx 5.0 .`
			`.Sh BUGS`
			`The`
			`.Nm`
mdoc(7) police: fix markup and spelling. 2001-04-04 11:51:59 +00:00			`code currently does not handle recursion of shared`
Add a simple manpage describing the basic functionality of witness. It needs a diagonistics section added at some point in the future. 2001-03-28 12:44:30 +00:00			`.Xr sx 9`
			`locks properly.`