xref: /freebsd/share/man/man4/witness.4 (revision 7aa65846327fe5bc7e5961c2f7fd0c61f2ec0b01)
1.\" Copyright (c) 2001 John H. Baldwin <jhb@FreeBSD.org>
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd February 18, 2001
28.Dt WITNESS 4
29.Os
30.Sh NAME
31.Nm witness
32.Nd lock validation facility
33.Sh SYNOPSIS
34.Cd options WITNESS
35.Cd options WITNESS_KDB
36.Cd options WITNESS_SKIPSPIN
37.Sh DESCRIPTION
38The
39.Nm
40module keeps track of the locks acquired and released by each thread.
41It also keeps track of the order in which locks are acquired with respect
42to each other.
43Each time a lock is acquired,
44.Nm
45uses these two lists to verify that a lock is not being acquired in the
46wrong order.
47If a lock order violation is detected, then a message is output to the
48kernel console detailing the locks involved and the locations in question.
49Witness can also be configured to drop into the kernel debugger when an order
50violation occurs.
51.Pp
52The
53.Nm
54code also checks various other conditions such as verifying that one
55does not recurse on a non-recursive lock.
56For sleep locks,
57.Nm
58verifies that a new process would not be switched to when a lock is released
59or a lock is blocked on during an acquire while any spin locks are held.
60If any of these checks fail, then the kernel will panic.
61.Pp
62The flag that controls whether or not the kernel debugger is entered when a
63lock order violation is detected can be set in a variety of ways.
64By default, the flag is off, but if the
65.Dv WITNESS_KDB
66kernel option is
67specified, then the flag will default to on.
68It can also be set from the
69.Xr loader 8
70via the
71.Va debug.witness.kdb
72environment variable or after the kernel has booted via the
73.Va debug.witness.kdb
74sysctl.
75If the flag is set to zero, then the debugger will not be entered.
76If the flag is non-zero, then the debugger will be entered.
77.Pp
78The
79.Nm
80code can also be configured to skip all checks on spin mutexes.
81By default, this flag defaults to off, but it can be turned on by
82specifying the
83.Dv WITNESS_SKIPSPIN
84kernel option.
85The flag can also be set via the
86.Xr loader 8
87environment variable
88.Va debug.witness.skipspin .
89If the variable is set to a non-zero value, then spin mutexes are skipped.
90Once the kernel has booted, the status of this flag can be examined but not
91set via the read-only sysctl
92.Va debug.witness.skipspin .
93.Pp
94The sysctl
95.Va debug.witness.watch
96specifies the level of witness involvement in the system.
97A value of 1 specifies that witness is enabled.
98A value of 0 specifies that witness is disabled, but that can be enabled
99again.  This will maintain a small amount of overhead in the system.
100A value of -1 specifies that witness is disabled permanently and that
101cannot be enabled again.
102The sysctl
103.Va debug.witness.watch
104can be set via
105.Xr loader 8 .
106.Pp
107The
108.Nm
109code also provides two extra
110.Xr ddb 4
111commands if both
112.Nm
113and
114.Xr ddb 4
115are compiled into the kernel:
116.Bl -ohang
117.It Ic show locks
118Outputs the list of locks held by the current thread to the kernel console
119along with the filename and line number at which each lock was last acquired
120by this thread.
121.It Ic show witness
122Dump the current order list to the kernel console.
123The code first displays the lock order tree for all of the sleep locks.
124Then it displays the lock order tree for all of the spin locks.
125Finally, it displays a list of locks that have not yet been acquired.
126.El
127.Sh SEE ALSO
128.Xr ddb 4 ,
129.Xr loader 8 ,
130.Xr sysctl 8 ,
131.Xr mutex 9
132.Sh HISTORY
133The
134.Nm
135code first appeared in
136.Bsx 5.0
137and was imported from there into
138.Fx 5.0 .
139.Sh BUGS
140The
141.Nm
142code currently does not handle recursion of shared
143.Xr sx 9
144locks properly.
145