内核挂住,无法重启

内核软死锁(soft lockup)bug原因分析

         Soft lockup名称解释:所谓,soft lockup就是说,这个bug没有让系统彻底死机,但是若干个进程(或者kernel thread)被锁死在了某个状态(一般在内核区域),很多情况下这个是由于内核锁的使用的问题。

         Linux内核对于每一个cpu都有一个监控进程,在技术界这个叫做watchdog(看门狗)。通过ps –ef | grep watchdog能够看见,进程名称大概是watchdog/X(数字:cpu逻辑编号1/2/3/4之类的)。这个进程或者线程每一秒钟运行一次,否则会睡眠和待机。这个进程运行会收集每一个cpu运行时使用数据的时间并且存放到属于每个cpu自己的内核数据结构。在内核中有很多特定的中断函数。这些中断函数会调用soft lockup计数,他会使用当前的时间戳与特定(对应的)cpu的内核数据结构中保存的时间对比,如果发现当前的时间戳比对应cpu保存的时间大于设定的阀值,他就假设监测进程或看门狗线程在一个相当可观的时间还没有执。Cpu软锁为什么会产生,是怎么产生的?如果linux内核是经过精心设计安排的CPU调度访问,那么怎么会产生cpu软死锁?那么只能说由于用户开发的或者第三方软件引入,看我们服务器内核panic的原因就是qmgr进程引起。因为每一个无限的循环都会一直有一个cpu的执行流程(qmgr进程示一个后台邮件的消息队列服务进程),并且拥有一定的优先级。Cpu调度器调度一个驱动程序来运行,如果这个驱动程序有问题并且没有被检测到,那么这个驱动程序将会暂用cpu的很长时间。根据前面的描述,看门狗进程会抓住(catch)这一点并且抛出一个软死锁(soft lockup)错误。软死锁会挂起cpu使你的系统不可用。

         如果是用户空间的进程或线程引起的问题backtrace是不会有内容的,如果内核线程那么在soft lockup消息中会显示出backtrace信息。

 

Linux内核线程死锁或死循环之后如何让系统宕机重启

在开发内核模块或驱动时,如果处理失误,导致内核线程中出现死锁或者死循环,你会发现,除了重启之外,你没有任何可以做的。这时你的输入不起任何作用,终端(不是指远程的ssh工具)只会在那重复的输出类似“BUG: soft lockup – CPU#0 stuck for 67s! [fclustertool:2043]”,更无奈的是你重启之后导致系统挂起的堆栈信息也看不到,你所能做的就是一遍遍的加调试信息,一遍遍的重启机器(这是我的经历,现在想想很傻)。

这种情况你肯定不是第一个遇到的,所以内核肯定会提供处理这种情况的一些机制。但是如何来找到这些机制在哪个地方,或者说根据什么信息去google呢?最有用的就是这句话“BUG: soft lockup – CPU#0 stuck for 67s! [fclustertool:2043]”,因为这句话提供你的信息量很大。首先,这条信息可以输出,说明即使发生死锁或者死循环,还是有代码可以执行。第二,可以通过这个日志信息,找到对应的处理函数,这个函数所在的模块就是用来处理CPU被过度使用时用到的。所以通过这个事情,可以看到内核打印出的只言片语都有可能成为你解决问题的关键,一定要从重视这些信息,从中找出有用的东西。

我经常看的内核版本是官方的2.6.32内核,这个版本中我找到的函数是softlockup_tick(),这个函数在时钟中断的处理函数run_local_timers()中调用。这个函数会首先检查watchdog线程是否被挂起,如果不是watchdog线程,会检查当前占有CPU的线程占有的时间是否超过系统配置的阈值,即softlockup_thresh。如果当前占有CPU的时间过长,则会在系统日志中输出我们上面看到的那条日志。接下来才是最关键的,就是输出模块信息、寄存器信息和堆栈信息,检查softlockup_panic的值是否为1。如果softlockup_panic为1,则调用panic()让内核挂起,输出OOPS信息。代码如下所示:

/*
* This callback runs from the timer interrupt, and checks
* whether the watchdog thread has hung or not:
*/
void softlockup_tick(void)
{
    int this_cpu = smp_processor_id();
    unsigned long touch_timestamp = per_cpu(touch_timestamp, this_cpu);
    unsigned long print_timestamp;
    struct pt_regs *regs = get_irq_regs();
    unsigned long now;
    ……

    /* Warn about unreasonable delays: */
    if (now <= (touch_timestamp + softlockup_thresh))
        return;

    per_cpu(print_timestamp, this_cpu) = touch_timestamp;
    spin_lock(&print_lock);
    printk(KERN_ERR “BUG: soft lockup – CPU#%d stuck for %lus! [%s:%d]\n”,
            this_cpu, now – touch_timestamp,
            current->comm, task_pid_nr(current));
    print_modules();
    print_irqtrace_events(current);
    if (regs)
        show_regs(regs);
    else
        dump_stack();
    spin_unlock(&print_lock);

    if (softlockup_panic)
        panic(“softlockup: hung tasks”);
}

但是softlockup_panic的值默认竟然是0,所以在出现死锁或者死循环的时候,会一直只输出日志信息,而不会宕机,这个真是好坑啊!所以你得手动修改/proc/sys/kernel/softlockup_panic的值,让内核可以在死锁或者死循环的时候可以宕机。如果你的机器中安装了kdump,在重启之后,你会得到一份内核的core文件,这时从core文件中查找问题就方便很多了,而且再也不用手动重启机器了。如果你的内核是标准内核的话,可以通过修改/proc/sys/kernel/softlockup_thresh来修改超时的阈值,如果是CentOS内核的话,对应的文件是/proc/sys/kernel/watchdog_thresh。CentOS内核和标准内核还有一个地方不一样,就是处理CPU占用时间过长的函数,CentOS下是watchdog_timer_fn()函数。

这里介绍下lockup的概念。lockup分为soft lockup和hard lockup。 soft lockup是指内核中有BUG导致在内核模式下一直循环的时间超过10s(根据实现和配置有所不同),而其他进程得不到运行的机会。hard softlockup是指内核已经挂起,可以通过watchdog这样的机制来获取详细信息。这两个概念比较类似。如果你想了解更多关于lockup的信息,可以参考这篇文档:http://www.linuxidc.com/Linux/2013-04/82063p3.htm

注意上面说的这些,都是在内核线程中有效,对用户态的死循环没用。如果要监视用户态的死循环,或者内存不足等资源的情况,强烈推荐软件层面的watchdog。你可以自己开发基于soft watchdog的监控程序,也可以安装watchdog包通过修改配置来做,非常的方便。具体的操作可以参考下面的文章,都写的非常好,非常实用:

http://www.linuxidc.com/Linux/2013-04/82064.htmhttp://www.linuxidc.com/Linux/2013-04/82065.htm

Based on kernel version 3.8. Page generated on 2013-02-20 22:01 EST.

 ===============================================================
 Softlockup detector and hardlockup detector (aka nmi_watchdog)
 ===============================================================
 
 The Linux kernel can act as a watchdog to detect both soft and hard
 lockups.
 
 A ‘softlockup’ is defined as a bug that causes the kernel to loop in kernel mode for more than 20 seconds (see “Implementation” below for details), without giving other tasks a chance to run. The current stack trace is displayed upon detection and, by default, the system will stay locked up. Alternatively, the kernel can be configured to  panic; a sysctl, “kernel.softlockup_panic”, a kernel parameter, “softlockup_panic” (see “Documentation/kernel-parameters.txt” for details), and a compile option, “BOOTPARAM_HARDLOCKUP_PANIC”, are provided for this.
 
 A ‘hardlockup’ is defined as a bug that causes the CPU to loop in  kernel mode for more than 10 seconds (see “Implementation” below for  details), without letting other interrupts have a chance to run. Similarly to the softlockup case, the current stack trace is displayed upon detection and the system will stay locked up unless the default behavior is changed, which can be done through a compile time knob, “BOOTPARAM_HARDLOCKUP_PANIC”, and a kernel parameter, “nmi_watchdog” (see “Documentation/kernel-parameters.txt” for details).
 
 The panic option can be used in combination with panic_timeout (this timeout is set through the confusingly named “kernel.panic” sysctl), to cause the system to reboot automatically after a specified amount of time.
 
 === Implementation ===
 
 The soft and hard lockup detectors are built on top of the hrtimer and perf subsystems, respectively. A direct consequence of this is that, in principle, they should work in any architecture where these subsystems are present.
 
 A periodic hrtimer runs to generate interrupts and kick the watchdog task. An NMI perf event is generated every “watchdog_thresh” (compile-time initialized to 10 and configurable through sysctl of the same name) seconds to check for hardlockups. If any CPU in the system does not receive any hrtimer interrupt during that time the ‘hardlockup detector’ (the handler for the NMI perf event) will generate a kernel warning or call panic, depending on the configuration.
 
 The watchdog task is a high priority kernel thread that updates a timestamp every time it is scheduled. If that timestamp is not updated for 2*watchdog_thresh seconds (the softlockup threshold) the ‘softlockup detector’ (coded inside the hrtimer callback function) will dump useful debug information to the system log, after which it will call panic if it was instructed to do so or resume execution of other kernel code.
 
 The period of the hrtimer is 2*watchdog_thresh/5, which means it has two or three chances to generate an interrupt before the hardlockup detector kicks in.
 
 As explained above, a kernel knob is provided that allows administrators to configure the period of the hrtimer and the perf event. The right value for a particular environment is a trade-off
 between fast response to lockups and detection overhead.