xnu-4570.71.2.tar.gz
[apple/xnu.git] / osfmk / i386 / mp.c
index 219948221d0fcad17dcf49e72cb009f8a1b58921..3b72326873570e426d4e4582ba47b5aeb13129fc 100644 (file)
@@ -29,8 +29,8 @@
  * @OSF_COPYRIGHT@
  */
 
-#include <mach_rt.h>
 #include <mach_kdp.h>
+#include <kdp/kdp_internal.h>
 #include <mach_ldebug.h>
 #include <gprof.h>
 
 #endif
 #include <i386/acpi.h>
 
-#include <chud/chud_xnu.h>
-#include <chud/chud_xnu_private.h>
-
 #include <sys/kdebug.h>
 
 #include <console/serial_protos.h>
 
+#if MONOTONIC
+#include <kern/monotonic.h>
+#endif /* MONOTONIC */
+
 #if    MP_DEBUG
 #define PAUSE          delay(1000000)
 #define DBG(x...)      kprintf(x)
@@ -110,8 +111,6 @@ void                i386_cpu_IPI(int cpu);
 #if MACH_KDP
 static void    mp_kdp_wait(boolean_t flush, boolean_t isNMI);
 #endif /* MACH_KDP */
-static void    mp_rendezvous_action(void);
-static void    mp_broadcast_action(void);
 
 #if MACH_KDP
 static boolean_t       cpu_signal_pending(int cpu, mp_event_t event);
@@ -122,7 +121,13 @@ boolean_t          smp_initialized = FALSE;
 uint32_t               TSC_sync_margin = 0xFFF;
 volatile boolean_t     force_immediate_debugger_NMI = FALSE;
 volatile boolean_t     pmap_tlb_flush_timeout = FALSE;
-decl_simple_lock_data(,mp_kdp_lock);
+#if DEBUG || DEVELOPMENT
+boolean_t              mp_interrupt_watchdog_enabled = TRUE;
+uint32_t               mp_interrupt_watchdog_events = 0;
+#endif
+
+decl_simple_lock_data(,debugger_callback_lock);
+struct debugger_callback *debugger_callback = NULL;
 
 decl_lck_mtx_data(static, mp_cpu_boot_lock);
 lck_mtx_ext_t  mp_cpu_boot_lock_ext;
@@ -165,6 +170,8 @@ lck_mtx_ext_t       mp_bc_lock_ext;
 static volatile int    debugger_cpu = -1;
 volatile long   NMIPI_acks = 0;
 volatile long   NMI_count = 0;
+static NMI_reason_t    NMI_panic_reason = NONE;
+static int             vector_timed_out;
 
 extern void    NMI_cpus(void);
 
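Review bot: `NMI_panic_reason` and `vector_timed_out` are plain statics that one CPU writes (in NMIPI_panic and mp_interrupt_watchdog, later in this diff) and other CPUs read from NMI context. Unlike the neighbouring `NMIPI_acks` and `NMI_count` they are not `volatile`, and no lock or ordering around them is visible here. If two CPUs hit different timeouts at about the same time, the later store wins and an NMI'd CPU may report the wrong reason or vector. I would declare the first as `static volatile NMI_reason_t NMI_panic_reason = NONE;` (and likewise the vector) and add a comment such as `/* Written by the CPU raising the NMIPI, read by NMI handlers; last writer wins */`.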
@@ -172,8 +179,6 @@ static void mp_cpus_call_init(void);
 static void    mp_cpus_call_action(void); 
 static void    mp_call_PM(void);
 
-static boolean_t       mp_cpus_call_wait_timeout = FALSE;
-
 char           mp_slave_stack[PAGE_SIZE] __attribute__((aligned(PAGE_SIZE))); // Temp stack for slave init
 
 /* PAL-related routines */
@@ -181,7 +186,7 @@ boolean_t i386_smp_init(int nmi_vector, i386_intr_func_t nmi_handler,
                int ipi_vector, i386_intr_func_t ipi_handler);
 void i386_start_cpu(int lapic_id, int cpu_num);
 void i386_send_NMI(int cpu);
-
+void NMIPI_enable(boolean_t);
 #if GPROF
 /*
  * Initialize dummy structs for profiling. These aren't used but
@@ -224,8 +229,8 @@ static void         free_warm_timer_call(timer_call_t call);
 void
 smp_init(void)
 {
-       simple_lock_init(&mp_kdp_lock, 0);
        simple_lock_init(&mp_rv_lock, 0);
+       simple_lock_init(&debugger_callback_lock, 0);
        lck_grp_attr_setdefault(&smp_lck_grp_attr);
        lck_grp_init(&smp_lck_grp, "i386_smp", &smp_lck_grp_attr);
        lck_mtx_init_ext(&mp_cpu_boot_lock, &mp_cpu_boot_lock_ext, &smp_lck_grp, LCK_ATTR_NULL);
@@ -244,6 +249,15 @@ smp_init(void)
        mp_cpus_call_init();
        mp_cpus_call_cpu_init(master_cpu);
 
+#if DEBUG || DEVELOPMENT
+       if (PE_parse_boot_argn("interrupt_watchdog",
+                              &mp_interrupt_watchdog_enabled,
+                              sizeof(mp_interrupt_watchdog_enabled))) {
+               kprintf("Interrupt watchdog %sabled\n",
+                       mp_interrupt_watchdog_enabled ? "en" : "dis");
+       }
+#endif
+
        if (PE_parse_boot_argn("TSC_sync_margin",
                                        &TSC_sync_margin, sizeof(TSC_sync_margin))) {
                kprintf("TSC sync Margin 0x%x\n", TSC_sync_margin);
@@ -440,7 +454,7 @@ intel_startCPU(
         * Initialize (or re-initialize) the descriptor tables for this cpu.
         * Propagate processor mode to slave.
         */
-       cpu_desc_init64(cpu_datap(slot_num));
+       cpu_desc_init(cpu_datap(slot_num));
 
        /* Serialize use of the slave boot stack, etc. */
        lck_mtx_lock(&mp_cpu_boot_lock);
@@ -535,18 +549,6 @@ cpu_signal_handler(x86_saved_state_t *regs)
                        DBGLOG(cpu_handle,my_cpu,MP_TLB_FLUSH);
                        i_bit_clear(MP_TLB_FLUSH, my_word);
                        pmap_update_interrupt();
-               } else if (i_bit(MP_RENDEZVOUS, my_word)) {
-                       DBGLOG(cpu_handle,my_cpu,MP_RENDEZVOUS);
-                       i_bit_clear(MP_RENDEZVOUS, my_word);
-                       mp_rendezvous_action();
-               } else if (i_bit(MP_BROADCAST, my_word)) {
-                       DBGLOG(cpu_handle,my_cpu,MP_BROADCAST);
-                       i_bit_clear(MP_BROADCAST, my_word);
-                       mp_broadcast_action();
-               } else if (i_bit(MP_CHUD, my_word)) {
-                       DBGLOG(cpu_handle,my_cpu,MP_CHUD);
-                       i_bit_clear(MP_CHUD, my_word);
-                       chudxnu_cpu_signal_handler();
                } else if (i_bit(MP_CALL, my_word)) {
                        DBGLOG(cpu_handle,my_cpu,MP_CALL);
                        i_bit_clear(MP_CALL, my_word);
@@ -574,6 +576,8 @@ static int
 NMIInterruptHandler(x86_saved_state_t *regs)
 {
        void            *stackptr;
+       char            pstr[192];
+       uint64_t        now = mach_absolute_time();
 
        if (panic_active() && !panicDebugging) {
                if (pmsafe_debug)
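Review bot: `char pstr[192]` is now the single buffer for every NMIPI panic string, and the spinlock-timeout message in the next hunk gained a `time %llu` field. By my count that message expands to roughly 200 characters with 64-bit `%p` values, so snprintf will truncate it, and the value that gets cut is the trailing `spinlock_owner_cpu`. Consider `char pstr[256];` or a shorter format string. NMIInterruptHandler's body continues outside this hunk.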
@@ -590,41 +594,53 @@ NMIInterruptHandler(x86_saved_state_t *regs)
        if (cpu_number() == debugger_cpu)
                goto NMExit;
 
-       if (spinlock_timed_out) {
-               char pstr[192];
-               snprintf(&pstr[0], sizeof(pstr), "Panic(CPU %d): NMIPI for spinlock acquisition timeout, spinlock: %p, spinlock owner: %p, current_thread: %p, spinlock_owner_cpu: 0x%x\n", cpu_number(), spinlock_timed_out, (void *) spinlock_timed_out->interlock.lock_data, current_thread(), spinlock_owner_cpu);
+       if (NMI_panic_reason == SPINLOCK_TIMEOUT) {
+               snprintf(&pstr[0], sizeof(pstr),
+                       "Panic(CPU %d, time %llu): NMIPI for spinlock acquisition timeout, spinlock: %p, spinlock owner: %p, current_thread: %p, spinlock_owner_cpu: 0x%x\n",
+                       cpu_number(), now, spinlock_timed_out, (void *) spinlock_timed_out->interlock.lock_data, current_thread(), spinlock_owner_cpu);
                panic_i386_backtrace(stackptr, 64, &pstr[0], TRUE, regs);
-       } else if (mp_cpus_call_wait_timeout) {
-               char pstr[192];
-               snprintf(&pstr[0], sizeof(pstr), "Panic(CPU %d): Unresponsive processor, this CPU timed-out during cross-call\n", cpu_number());
-               panic_i386_backtrace(stackptr, 64, &pstr[0], TRUE, regs);
-       } else if (pmap_tlb_flush_timeout == TRUE) {
-               char pstr[128];
-               snprintf(&pstr[0], sizeof(pstr), "Panic(CPU %d): Unresponsive processor (this CPU did not acknowledge interrupts) TLB state:0x%x\n", cpu_number(), current_cpu_datap()->cpu_tlb_invalid);
+       } else if (NMI_panic_reason == TLB_FLUSH_TIMEOUT) {
+               snprintf(&pstr[0], sizeof(pstr),
+                       "Panic(CPU %d, time %llu): NMIPI for unresponsive processor: TLB flush timeout, TLB state:0x%x\n",
+                       cpu_number(), now, current_cpu_datap()->cpu_tlb_invalid);
                panic_i386_backtrace(stackptr, 48, &pstr[0], TRUE, regs);
-       } 
-
+       } else if (NMI_panic_reason == CROSSCALL_TIMEOUT) {
+               snprintf(&pstr[0], sizeof(pstr),
+                       "Panic(CPU %d, time %llu): NMIPI for unresponsive processor: cross-call timeout\n",
+                       cpu_number(), now);
+               panic_i386_backtrace(stackptr, 64, &pstr[0], TRUE, regs);
+       } else if (NMI_panic_reason == INTERRUPT_WATCHDOG) {
+               snprintf(&pstr[0], sizeof(pstr),
+                       "Panic(CPU %d, time %llu): NMIPI for unresponsive processor: interrupt watchdog for vector 0x%x\n",
+                       cpu_number(), now, vector_timed_out);
+               panic_i386_backtrace(stackptr, 64, &pstr[0], TRUE, regs);
+       }
+       
 #if MACH_KDP
        if (pmsafe_debug && !kdp_snapshot)
                pmSafeMode(&current_cpu_datap()->lcpu, PM_SAFE_FL_SAFE);
        current_cpu_datap()->cpu_NMI_acknowledged = TRUE;
        i_bit_clear(MP_KDP, &current_cpu_datap()->cpu_signals);
-       if (pmap_tlb_flush_timeout ||
-           spinlock_timed_out ||
-           mp_cpus_call_wait_timeout ||
-           panic_active()) {
+       if (panic_active() || NMI_panic_reason != NONE) {
                mp_kdp_wait(FALSE, TRUE);
-       } else if (virtualized && (debug_boot_arg & DB_NMI)) {
+       } else if (!mp_kdp_trap &&
+                  !mp_kdp_is_NMI &&
+                  virtualized && (debug_boot_arg & DB_NMI)) {
                /*
                 * Under a VMM with the debug boot-arg set, drop into kdp.
                 * Since an NMI is involved, there's a risk of contending with
                 * a panic. And side-effects of NMIs may result in entry into, 
                 * and continuing from, the debugger being unreliable.
                 */
-               kprintf_break_lock();
-               kprintf("Debugger entry requested by NMI\n");
-               kdp_i386_trap(T_DEBUG, saved_state64(regs), 0, 0);
-               printf("Debugger entry requested by NMI\n");
+               if (__sync_bool_compare_and_swap(&mp_kdp_is_NMI, FALSE, TRUE)) {
+                       kprintf_break_lock();
+                       kprintf("Debugger entry requested by NMI\n");
+                       kdp_i386_trap(T_DEBUG, saved_state64(regs), 0, 0);
+                       printf("Debugger entry requested by NMI\n");
+                       mp_kdp_is_NMI = FALSE;
+               } else {
+                       mp_kdp_wait(FALSE, FALSE);
+               }
        } else {
                mp_kdp_wait(FALSE, FALSE);
        }
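Review bot: The SPINLOCK_TIMEOUT branch dereferences `spinlock_timed_out->interlock.lock_data` on the strength of `NMI_panic_reason` alone, whereas the removed code tested the pointer itself. mp_safe_spin_lock in this file sets the pointer before calling NMIPI_panic, but any other caller passing SPINLOCK_TIMEOUT (none is visible here) would fault inside the NMI handler on the panic path. Keeping the pointer test is cheap: `if (NMI_panic_reason == SPINLOCK_TIMEOUT && spinlock_timed_out != NULL) {`. The function starts in the previous hunk and continues past this one.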
@@ -676,7 +692,7 @@ NMI_cpus(void)
        intrs_enabled = ml_set_interrupts_enabled(FALSE);
 
        for (cpu = 0; cpu < real_ncpus; cpu++) {
-               if (!cpu_datap(cpu)->cpu_running)
+               if (!cpu_is_running(cpu))
                        continue;
                cpu_datap(cpu)->cpu_NMI_acknowledged = FALSE;
                cpu_NMI_interrupt(cpu);
@@ -760,44 +776,6 @@ i386_signal_cpu(int cpu, mp_event_t event, mp_sync_t mode)
                KERNEL_DEBUG(TRACE_MP_TLB_FLUSH | DBG_FUNC_END, cpu, 0, 0, 0, 0);
 }
 
-/*
- * Send event to all running cpus.
- * Called with the topology locked.
- */
-void
-i386_signal_cpus(mp_event_t event, mp_sync_t mode)
-{
-       unsigned int    cpu;
-       unsigned int    my_cpu = cpu_number();
-
-       assert(hw_lock_held((hw_lock_t)&x86_topo_lock));
-
-       for (cpu = 0; cpu < real_ncpus; cpu++) {
-               if (cpu == my_cpu || !cpu_datap(cpu)->cpu_running)
-                       continue;
-               i386_signal_cpu(cpu, event, mode);
-       }
-}
-
-/*
- * Return the number of running cpus.
- * Called with the topology locked.
- */
-int
-i386_active_cpus(void)
-{
-       unsigned int    cpu;
-       unsigned int    ncpus = 0;
-
-       assert(hw_lock_held((hw_lock_t)&x86_topo_lock));
-
-       for (cpu = 0; cpu < real_ncpus; cpu++) {
-               if (cpu_datap(cpu)->cpu_running)
-                       ncpus++;
-       }
-       return(ncpus);
-}
-
 /*
  * Helper function called when busy-waiting: panic if too long
  * a TSC-based time has elapsed since the start of the spin.
@@ -816,16 +794,17 @@ mp_spin_timeout(uint64_t tsc_start)
         * unless we have serial console printing (kprintf) enabled
         * in which case we allow an even greater margin.
         */
-       tsc_timeout = disable_serial_output ? (uint64_t) LockTimeOutTSC << 2
-                                           : (uint64_t) LockTimeOutTSC << 4;
+       tsc_timeout = disable_serial_output ? LockTimeOutTSC << 2
+                                           : LockTimeOutTSC << 4;
        return  (rdtsc64() > tsc_start + tsc_timeout);
 }
 
 /*
  * Helper function to take a spinlock while ensuring that incoming IPIs
  * are still serviced if interrupts are masked while we spin.
+ * Returns current interrupt state.
  */
-static boolean_t
+boolean_t
 mp_safe_spin_lock(usimple_lock_t lock)
 {
        if (ml_get_interrupts_enabled()) {
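Review bot: Dropping the `(uint64_t)` casts in mp_spin_timeout means `LockTimeOutTSC << 2` and `LockTimeOutTSC << 4` are evaluated in LockTimeOutTSC's own type. If that variable is still 32-bit (its declaration is not in this diff), the shift can wrap before the value is added to `tsc_start`, which shortens the spin limit and can trigger a premature timeout panic. Either confirm the variable is 64-bit in this release or keep the cast, e.g. `(uint64_t) LockTimeOutTSC << 4`. mp_safe_spin_lock's body begins at the end of this hunk and continues outside it.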
@@ -841,11 +820,9 @@ mp_safe_spin_lock(usimple_lock_t lock)
                                                   lock->interlock.lock_data;
                                spinlock_timed_out = lock;
                                lock_cpu = spinlock_timeout_NMI(lowner);
-                               panic("mp_safe_spin_lock() timed out,"
-                                     " lock: %p, owner thread: 0x%lx,"
-                                     " current_thread: %p, owner on CPU 0x%x",
-                                     lock, lowner,
-                                     current_thread(), lock_cpu);
+                               NMIPI_panic(cpu_to_cpumask(lock_cpu), SPINLOCK_TIMEOUT);
+                               panic("mp_safe_spin_lock() timed out, lock: %p, owner thread: 0x%lx, current_thread: %p, owner on CPU 0x%x, time: %llu",
+                                     lock, lowner, current_thread(), lock_cpu, mach_absolute_time());
                        }
                }
                return FALSE;
@@ -867,7 +844,7 @@ mp_safe_spin_lock(usimple_lock_t lock)
  */
 
 static void
-mp_rendezvous_action(void)
+mp_rendezvous_action(__unused void *null)
 {
        boolean_t       intrs_enabled;
        uint64_t        tsc_spin_start;
@@ -948,13 +925,10 @@ mp_rendezvous(void (*setup_func)(void *),
         * signal other processors, which will call mp_rendezvous_action()
         * with interrupts disabled
         */
-       (void) mp_safe_spin_lock(&x86_topo_lock);
-       mp_rv_ncpus = i386_active_cpus();
-       i386_signal_cpus(MP_RENDEZVOUS, ASYNC);
-       simple_unlock(&x86_topo_lock);
+       mp_rv_ncpus = mp_cpus_call(CPUMASK_OTHERS, NOSYNC, &mp_rendezvous_action, NULL) + 1;
 
        /* call executor function on this cpu */
-       mp_rendezvous_action();
+       mp_rendezvous_action(NULL);
 
        /*
         * Spin for everyone to complete.
@@ -1045,18 +1019,34 @@ mp_call_head_lock(mp_call_queue_t *cqp)
        return intrs_enabled;
 }
 
+/*
+ * Deliver an NMIPI to a set of processors to cause them to panic .
+ */
 void
-mp_cpus_NMIPI(cpumask_t cpu_mask) {
+NMIPI_panic(cpumask_t cpu_mask, NMI_reason_t why) {
        unsigned int cpu, cpu_bit;
        uint64_t deadline;
 
+       NMIPI_enable(TRUE);
+       NMI_panic_reason = why;
+
        for (cpu = 0, cpu_bit = 1; cpu < real_ncpus; cpu++, cpu_bit <<= 1) {
-               if (cpu_mask & cpu_bit)
-                       cpu_NMI_interrupt(cpu);
+               if ((cpu_mask & cpu_bit) == 0)
+                       continue;
+               cpu_datap(cpu)->cpu_NMI_acknowledged = FALSE;
+               cpu_NMI_interrupt(cpu);
+       }
+
+       /* Wait (only so long) for NMi'ed cpus to respond */
+       deadline = mach_absolute_time() + LockTimeOut;
+       for (cpu = 0, cpu_bit = 1; cpu < real_ncpus; cpu++, cpu_bit <<= 1) {
+               if ((cpu_mask & cpu_bit) == 0)
+                       continue;
+               while (!cpu_datap(cpu)->cpu_NMI_acknowledged &&
+                       mach_absolute_time() < deadline) {
+                       cpu_pause();
+               }
        }
-       deadline = mach_absolute_time() + (LockTimeOut);
-       while (mach_absolute_time() < deadline)
-               cpu_pause();
 }
 
 #if MACH_ASSERT
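Review bot: `cpu_bit` is an `unsigned int` shifted left once per CPU, while `cpu_mask` is a `cpumask_t` that other code in this file prints with `%llx`. For CPU numbers of 32 and above `cpu_bit` becomes 0, so neither loop in NMIPI_panic would NMI or wait for those CPUs. The pattern predates this commit, but the new lines copy it into a second loop. The rest of the file uses the helper, so both tests could read `if ((cpu_mask & cpu_to_cpumask(cpu)) == 0)` and `cpu_bit` can be dropped. The new comments also carry typos (`panic .`, `NMi'ed`).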
@@ -1212,7 +1202,6 @@ mp_cpus_call(
                        (void (*)(void *,void *))action_func,
                        arg,
                        NULL,
-                       NULL,
                        NULL);
 }
 
@@ -1224,6 +1213,7 @@ mp_cpus_call_wait(boolean_t       intrs_enabled,
        mp_call_queue_t         *cqp;
        uint64_t                tsc_spin_start;
 
+       assert(ml_get_interrupts_enabled() == 0 || get_preemption_level() != 0);
        cqp = &mp_cpus_call_head[cpu_number()];
 
        tsc_spin_start = rdtsc64();
@@ -1237,9 +1227,8 @@ mp_cpus_call_wait(boolean_t       intrs_enabled,
                if (mp_spin_timeout(tsc_spin_start)) {
                        cpumask_t       cpus_unresponsive;
 
-                       mp_cpus_call_wait_timeout = TRUE;
                        cpus_unresponsive = cpus_called & ~(*cpus_responded);
-                       mp_cpus_NMIPI(cpus_unresponsive);
+                       NMIPI_panic(cpus_unresponsive, CROSSCALL_TIMEOUT);
                        panic("mp_cpus_call_wait() timeout, cpus: 0x%llx",
                                cpus_unresponsive);
                }
@@ -1253,14 +1242,12 @@ mp_cpus_call1(
         void           (*action_func)(void *, void *),
         void           *arg0,
         void           *arg1,
-       cpumask_t       *cpus_calledp,
-       cpumask_t       *cpus_notcalledp)
+       cpumask_t       *cpus_calledp)
 {
-       cpu_t           cpu;
+       cpu_t           cpu = 0;
        boolean_t       intrs_enabled = FALSE;
        boolean_t       call_self = FALSE;
        cpumask_t       cpus_called = 0;
-       cpumask_t       cpus_notcalled = 0;
        cpumask_t       cpus_responded = 0;
        long            cpus_call_count = 0;
        uint64_t        tsc_spin_start;
@@ -1299,7 +1286,7 @@ mp_cpus_call1(
        }
        for (cpu = 0; cpu < (cpu_t) real_ncpus; cpu++) {
                if (((cpu_to_cpumask(cpu) & cpus) == 0) ||
-                   !cpu_datap(cpu)->cpu_running)
+                   !cpu_is_running(cpu))
                        continue;
                tsc_spin_start = rdtsc64();
                if (cpu == (cpu_t) cpu_number()) {
@@ -1318,7 +1305,6 @@ mp_cpus_call1(
                } else {
                        /*
                         * Here to queue a call to cpu and IPI.
-                        * Spinning for request buffer unless NOSYNC.
                         */
                        mp_call_t       *callp = NULL;
                        mp_call_queue_t *cqp = &mp_cpus_call_head[cpu];
@@ -1328,34 +1314,23 @@ mp_cpus_call1(
                        if (callp == NULL)
                                callp = mp_call_alloc();
                        intrs_inner = mp_call_head_lock(cqp);
-                       if (mode == NOSYNC) {
-                               if (callp == NULL) {
-                                       cpus_notcalled |= cpu_to_cpumask(cpu);
-                                       mp_call_head_unlock(cqp, intrs_inner);
-                                       KERNEL_DEBUG_CONSTANT(
-                                               TRACE_MP_CPUS_CALL_NOBUF,
-                                               cpu, 0, 0, 0, 0);
-                                       continue;
-                               }
-                               callp->maskp = NULL;
-                       } else {
-                               if (callp == NULL) {
-                                       mp_call_head_unlock(cqp, intrs_inner);
-                                       KERNEL_DEBUG_CONSTANT(
-                                               TRACE_MP_CPUS_CALL_NOBUF,
-                                               cpu, 0, 0, 0, 0);
-                                       if (!intrs_inner) {
-                                               /* Sniffing w/o locking */
-                                               if (!queue_empty(&cqp->queue))
-                                                       mp_cpus_call_action();
-                                               handle_pending_TLB_flushes();
-                                       }
-                                       if (mp_spin_timeout(tsc_spin_start))
-                                               panic("mp_cpus_call1() timeout");
-                                       goto queue_call;
+                       if (callp == NULL) {
+                               mp_call_head_unlock(cqp, intrs_inner);
+                               KERNEL_DEBUG_CONSTANT(
+                                       TRACE_MP_CPUS_CALL_NOBUF,
+                                       cpu, 0, 0, 0, 0);
+                               if (!intrs_inner) {
+                                       /* Sniffing w/o locking */
+                                       if (!queue_empty(&cqp->queue))
+                                               mp_cpus_call_action();
+                                       handle_pending_TLB_flushes();
                                }
-                               callp->maskp = &cpus_responded;
+                               if (mp_spin_timeout(tsc_spin_start))
+                                       panic("mp_cpus_call1() timeout start: 0x%llx, cur: 0x%llx",
+                                             tsc_spin_start, rdtsc64());
+                               goto queue_call;
                        }
+                       callp->maskp = (mode == NOSYNC) ? NULL : &cpus_responded;
                        callp->func = action_func;
                        callp->arg0 = arg0;
                        callp->arg1 = arg1;
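Review bot: The buffer-exhaustion panic now reports the TSC start and current values but not which CPU's call queue could not be served, which is the first thing needed when reading the panic log. `panic("mp_cpus_call1() timeout start: 0x%llx, cur: 0x%llx, cpu: %d", tsc_spin_start, rdtsc64(), cpu);` would add it. Since NOSYNC callers now take this spin-and-retry path instead of skipping the CPU, a comment replacing the one deleted in the previous hunk would help, e.g. `* Spins for a request buffer in all modes, including NOSYNC.` The enclosing loop and the `queue_call` label are outside this hunk.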
@@ -1386,13 +1361,13 @@ mp_cpus_call1(
                }
        }
 
-       /* Safe to allow pre-emption now */
-       mp_enable_preemption();
-
        /* For ASYNC, now wait for all signaled cpus to complete their calls */
        if (mode == ASYNC)
                mp_cpus_call_wait(intrs_enabled, cpus_called, &cpus_responded);
 
+       /* Safe to allow pre-emption now */
+       mp_enable_preemption();
+
 out:
        if (call_self){
                cpus_called |= cpu_to_cpumask(cpu);
@@ -1401,19 +1376,17 @@ out:
 
        if (cpus_calledp)
                *cpus_calledp = cpus_called;
-       if (cpus_notcalledp)
-               *cpus_notcalledp = cpus_notcalled;
 
        KERNEL_DEBUG_CONSTANT(
                TRACE_MP_CPUS_CALL | DBG_FUNC_END,
-               cpus_call_count, cpus_called, cpus_notcalled, 0, 0);
+               cpus_call_count, cpus_called, 0, 0, 0);
 
        return (cpu_t) cpus_call_count;
 }
 
 
 static void
-mp_broadcast_action(void)
+mp_broadcast_action(__unused void *null)
 {
    /* call action function */
    if (mp_bc_action_func != NULL)
@@ -1452,16 +1425,14 @@ mp_broadcast(
    /*
     * signal other processors, which will call mp_broadcast_action()
     */
-   simple_lock(&x86_topo_lock);
-   mp_bc_ncpus = i386_active_cpus();   /* total including this cpu */
-   mp_bc_count = mp_bc_ncpus;
-   i386_signal_cpus(MP_BROADCAST, ASYNC);
+   mp_bc_count = real_ncpus;                           /* assume max possible active */
+   mp_bc_ncpus = mp_cpus_call(CPUMASK_OTHERS, NOSYNC, *mp_broadcast_action, NULL) + 1;
+   atomic_decl(&mp_bc_count, real_ncpus - mp_bc_ncpus);        /* subtract inactive */
 
    /* call executor function on this cpu */
-   mp_broadcast_action();
-   simple_unlock(&x86_topo_lock);
+   mp_broadcast_action(NULL);
 
-   /* block for all cpus to have run action_func */
+   /* block for other cpus to have run action_func */
    if (mp_bc_ncpus > 1)
        thread_block(THREAD_CONTINUE_NULL);
    else
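Review bot: The callback is passed as `*mp_broadcast_action` here but as `&mp_rendezvous_action` in the matching mp_rendezvous change. Both decay to the same function pointer, but the dereference form reads like a mistake, so I would write `&mp_broadcast_action` (or the bare name) in both places. The three-step count setup is also subtle enough to deserve a comment; if I read the intent correctly, something like `/* Remote CPUs may decrement mp_bc_count before the inactive ones are subtracted, so start from the maximum */`. mp_broadcast begins and ends outside this hunk.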
@@ -1483,7 +1454,7 @@ mp_cpus_kick(cpumask_t cpus)
        for (cpu = 0; cpu < (cpu_t) real_ncpus; cpu++) {
                if ((cpu == (cpu_t) cpu_number())
                        || ((cpu_to_cpumask(cpu) & cpus) == 0)
-                       || (!cpu_datap(cpu)->cpu_running))
+                       || !cpu_is_running(cpu))
                {
                                continue;
                }
@@ -1507,7 +1478,7 @@ i386_activate_cpu(void)
                return;
        }
 
-       simple_lock(&x86_topo_lock);
+       mp_safe_spin_lock(&x86_topo_lock);
        cdp->cpu_running = TRUE;
        started_cpu();
        simple_unlock(&x86_topo_lock);
@@ -1525,7 +1496,7 @@ i386_deactivate_cpu(void)
                TRACE_MP_CPU_DEACTIVATE | DBG_FUNC_START,
                0, 0, 0, 0, 0);
 
-       simple_lock(&x86_topo_lock);
+       mp_safe_spin_lock(&x86_topo_lock);
        cdp->cpu_running = FALSE;
        simple_unlock(&x86_topo_lock);
 
@@ -1536,6 +1507,10 @@ i386_deactivate_cpu(void)
        timer_queue_shutdown(&cdp->rtclock_timer.queue);
        mp_cpus_call(cpu_to_cpumask(master_cpu), ASYNC, timer_queue_expire_local, NULL);
 
+#if MONOTONIC
+       mt_cpu_down(cdp);
+#endif /* MONOTONIC */
+
        /*
         * Open an interrupt window
         * and ensure any pending IPI or timer is serviced
@@ -1563,12 +1538,13 @@ int     pmsafe_debug    = 1;
 
 #if    MACH_KDP
 volatile boolean_t     mp_kdp_trap = FALSE;
+volatile boolean_t     mp_kdp_is_NMI = FALSE;
 volatile unsigned long mp_kdp_ncpus;
 boolean_t              mp_kdp_state;
 
 
 void
-mp_kdp_enter(void)
+mp_kdp_enter(boolean_t proceed_on_failure)
 {
        unsigned int    cpu;
        unsigned int    ncpus = 0;
@@ -1577,11 +1553,6 @@ mp_kdp_enter(void)
 
        DBG("mp_kdp_enter()\n");
 
-#if DEBUG
-       if (!smp_initialized)
-               simple_lock_init(&mp_kdp_lock, 0);
-#endif
-
        /*
         * Here to enter the debugger.
         * In case of races, only one cpu is allowed to enter kdp after
@@ -1596,26 +1567,44 @@ mp_kdp_enter(void)
                return;
        }
 
-       cpu_datap(my_cpu)->debugger_entry_time = mach_absolute_time();
-       simple_lock(&mp_kdp_lock);
-
-       if (pmsafe_debug && !kdp_snapshot)
-           pmSafeMode(&current_cpu_datap()->lcpu, PM_SAFE_FL_SAFE);
+       uint64_t start_time = cpu_datap(my_cpu)->debugger_entry_time = mach_absolute_time();
+       int locked = 0;
+       while (!locked || mp_kdp_trap) {
+               if (locked) {
+                       simple_unlock(&x86_topo_lock);
+               }
+               if (proceed_on_failure) {
+                       if (mach_absolute_time() - start_time > 500000000ll) {
+                               kprintf("mp_kdp_enter() can't get x86_topo_lock! Debugging anyway! #YOLO\n");
+                               break;
+                       }
+                       locked = simple_lock_try(&x86_topo_lock);
+                       if (!locked) {
+                               cpu_pause();
+                       }
+               } else {
+                       mp_safe_spin_lock(&x86_topo_lock);
+                       locked = TRUE;
+               }
 
-       while (mp_kdp_trap) {
-               simple_unlock(&mp_kdp_lock);
-               DBG("mp_kdp_enter() race lost\n");
+               if (locked && mp_kdp_trap) {
+                       simple_unlock(&x86_topo_lock);
+                       DBG("mp_kdp_enter() race lost\n");
 #if MACH_KDP
-               mp_kdp_wait(TRUE, FALSE);
+                       mp_kdp_wait(TRUE, FALSE);
 #endif
-               simple_lock(&mp_kdp_lock);
+                       locked = FALSE;
+               }
        }
+
+       if (pmsafe_debug && !kdp_snapshot)
+               pmSafeMode(&current_cpu_datap()->lcpu, PM_SAFE_FL_SAFE);
+
        debugger_cpu = my_cpu;
        ncpus = 1;
-       mp_kdp_ncpus = 1;       /* self */
+       atomic_incl((volatile long *)&mp_kdp_ncpus, 1);
        mp_kdp_trap = TRUE;
        debugger_entry_time = cpu_datap(my_cpu)->debugger_entry_time;
-       simple_unlock(&mp_kdp_lock);
 
        /*
         * Deliver a nudge to other cpus, counting how many
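Review bot: When `proceed_on_failure` is set and the `500000000ll` wait expires, the loop breaks with `locked == 0` and falls through to `debugger_cpu = my_cpu` and `mp_kdp_trap = TRUE` without holding x86_topo_lock or rechecking `mp_kdp_trap`, so two CPUs can both consider themselves the debugger owner. Because `mp_kdp_ncpus = 1` became `atomic_incl(..., 1)`, a count left over from or shared with another entrant would also keep the later `mp_kdp_ncpus != ncpus` wait from matching until it times out. If that is the accepted cost of debugging a wedged system, say so in a comment at the `break`, e.g. `/* Proceeding unlocked: mp_kdp_trap and mp_kdp_ncpus may be stale or contended */`. The bare constant is compared against a mach_absolute_time() delta and would be clearer as a named value. mp_kdp_enter continues outside this hunk.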
@@ -1623,7 +1612,7 @@ mp_kdp_enter(void)
        DBG("mp_kdp_enter() signaling other processors\n");
        if (force_immediate_debugger_NMI == FALSE) {
                for (cpu = 0; cpu < real_ncpus; cpu++) {
-                       if (cpu == my_cpu || !cpu_datap(cpu)->cpu_running)
+                       if (cpu == my_cpu || !cpu_is_running(cpu))
                                continue;
                        ncpus++;
                        i386_signal_cpu(cpu, MP_KDP, ASYNC);
@@ -1639,10 +1628,7 @@ mp_kdp_enter(void)
                 * "unsafe-to-interrupt" points such as the trampolines,
                 * but neither do we want to lose state by waiting too long.
                 */
-               tsc_timeout = rdtsc64() + (ncpus * 1000 * 1000 * 10ULL);
-
-               if (virtualized)
-                       tsc_timeout = ~0ULL;
+               tsc_timeout = rdtsc64() + (LockTimeOutTSC);
 
                while (mp_kdp_ncpus != ncpus && rdtsc64() < tsc_timeout) {
                        /*
@@ -1655,24 +1641,45 @@ mp_kdp_enter(void)
                        cpu_pause();
                }
                /* If we've timed out, and some processor(s) are still unresponsive,
-                * interrupt them with an NMI via the local APIC.
+                * interrupt them with an NMI via the local APIC, iff a panic is
+                * in progress.
                 */
+               if (panic_active()) {
+                       NMIPI_enable(TRUE);
+               }
                if (mp_kdp_ncpus != ncpus) {
+                       cpumask_t cpus_NMI_pending = 0;
+                       DBG("mp_kdp_enter() timed-out on cpu %d, NMI-ing\n", my_cpu);
                        for (cpu = 0; cpu < real_ncpus; cpu++) {
-                               if (cpu == my_cpu || !cpu_datap(cpu)->cpu_running)
+                               if (cpu == my_cpu || !cpu_is_running(cpu))
                                        continue;
-                               if (cpu_signal_pending(cpu, MP_KDP))
+                               if (cpu_signal_pending(cpu, MP_KDP)) {
+                                       cpus_NMI_pending |= cpu_to_cpumask(cpu);
                                        cpu_NMI_interrupt(cpu);
+                               }
+                       }
+                       /* Wait again for the same timeout */
+                       tsc_timeout = rdtsc64() + (LockTimeOutTSC);
+                       while (mp_kdp_ncpus != ncpus && rdtsc64() < tsc_timeout) {
+                               handle_pending_TLB_flushes();
+                               cpu_pause();
+                       }
+                       if (mp_kdp_ncpus != ncpus) {
+                               kdb_printf("mp_kdp_enter(): %llu, %lu, %u TIMED-OUT WAITING FOR NMI-ACK, PROCEEDING\n", cpus_NMI_pending, mp_kdp_ncpus, ncpus);
                        }
                }
        }
        else
                for (cpu = 0; cpu < real_ncpus; cpu++) {
-                       if (cpu == my_cpu || !cpu_datap(cpu)->cpu_running)
+                       if (cpu == my_cpu || !cpu_is_running(cpu))
                                continue;
                        cpu_NMI_interrupt(cpu);
                }
 
+       if (locked) {
+               simple_unlock(&x86_topo_lock);
+       }
+
        DBG("mp_kdp_enter() %d processors done %s\n",
            (int)mp_kdp_ncpus, (mp_kdp_ncpus == ncpus) ? "OK" : "timed out");
        
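Review bot: The updated comment says unresponsive CPUs are NMI'd "iff a panic is in progress", but only `NMIPI_enable(TRUE)` is gated on `panic_active()`; the `cpu_NMI_interrupt(cpu)` loop, the second `LockTimeOutTSC` wait and the "TIMED-OUT WAITING FOR NMI-ACK" message run in either case. If cpu_NMI_interrupt is a no-op while NMIPIs are disabled (not visible here), the non-panic path spins a second full timeout for an acknowledgement that cannot arrive and then logs a misleading line. Either gate the whole `if (mp_kdp_ncpus != ncpus)` block or reword the comment to something like `* NMIs are only delivered if NMIPIs are enabled, which is forced on when a panic is in progress.` The kdb_printf also prints the CPU mask with `%llu`; `0x%llx` with field labels would match the other messages in this file.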
@@ -1726,8 +1733,7 @@ static void
 mp_kdp_wait(boolean_t flush, boolean_t isNMI)
 {
        DBG("mp_kdp_wait()\n");
-       /* If an I/O port has been specified as a debugging aid, issue a read */
-       panic_io_port_read();
+
        current_cpu_datap()->debugger_ipi_time = mach_absolute_time();
 #if CONFIG_MCA
        /* If we've trapped due to a machine-check, save MCA registers */
@@ -1785,8 +1791,9 @@ mp_kdp_exit(void)
 
        DBG("mp_kdp_exit() done\n");
        (void) ml_set_interrupts_enabled(mp_kdp_state);
-       postcode(0);
+       postcode(MP_KDP_EXIT);
 }
+
 #endif /* MACH_KDP */
 
 boolean_t
@@ -1952,3 +1959,103 @@ ml_interrupt_prewarm(
                return cwd.cwd_result;
        }
 }
+
+#if DEBUG || DEVELOPMENT
+void
+kernel_spin(uint64_t spin_ns)
+{
+       boolean_t       istate;
+       uint64_t        spin_abs;
+       uint64_t        deadline;
+       cpu_data_t      *cdp;
+
+       kprintf("kernel_spin(%llu) spinning uninterruptibly\n", spin_ns);
+       istate = ml_set_interrupts_enabled(FALSE);
+       cdp = current_cpu_datap();
+       nanoseconds_to_absolutetime(spin_ns, &spin_abs);
+
+       /* Fake interrupt handler entry for testing mp_interrupt_watchdog() */
+       cdp->cpu_int_event_time = mach_absolute_time();
+       cdp->cpu_int_state = (void *) USER_STATE(current_thread());
+
+       deadline = mach_absolute_time() + spin_ns;
+       while (mach_absolute_time() < deadline)
+               cpu_pause();
+
+       cdp->cpu_int_event_time = 0;
+       cdp->cpu_int_state = NULL;
+
+       ml_set_interrupts_enabled(istate);
+       kprintf("kernel_spin() continuing\n");
+}
+
+/*
+ * Called from the scheduler's maintenance thread,
+ * scan running processors for long-running ISRs and:
+ *  - panic if longer than LockTimeOut, or
+ *  - log if more than a quantum.
+ */
+void
+mp_interrupt_watchdog(void)
+{
+       cpu_t                   cpu;
+       boolean_t               intrs_enabled = FALSE;
+       uint16_t                cpu_int_num;
+       uint64_t                cpu_int_event_time;
+       uint64_t                cpu_rip;
+       uint64_t                cpu_int_duration;
+       uint64_t                now;
+       x86_saved_state_t       *cpu_int_state;
+
+       if (__improbable(!mp_interrupt_watchdog_enabled))
+               return;
+
+       intrs_enabled = ml_set_interrupts_enabled(FALSE);
+       now = mach_absolute_time();
+       /*
+        * While timeouts are not suspended,
+        * check all other processors for long outstanding interrupt handling.
+        */
+       for (cpu = 0;
+            cpu < (cpu_t) real_ncpus && !machine_timeout_suspended();
+            cpu++) {
+               if ((cpu == (cpu_t) cpu_number()) ||
+                   (!cpu_is_running(cpu)))
+                       continue;
+               cpu_int_event_time = cpu_datap(cpu)->cpu_int_event_time;
+               if (cpu_int_event_time == 0)
+                       continue;
+               if (__improbable(now < cpu_int_event_time))
+                       continue;       /* skip due to inter-processor skew */
+               cpu_int_state = cpu_datap(cpu)->cpu_int_state;
+               if (__improbable(cpu_int_state == NULL))
+                       /* The interrupt may have been dismissed */
+                       continue;
+
+               /* Here with a cpu handling an interrupt */
+
+               cpu_int_duration = now - cpu_int_event_time;
+               if (__improbable(cpu_int_duration > LockTimeOut)) {
+                       cpu_int_num = saved_state64(cpu_int_state)->isf.trapno;
+                       cpu_rip = saved_state64(cpu_int_state)->isf.rip;
+                       vector_timed_out = cpu_int_num;
+                       NMIPI_panic(cpu_to_cpumask(cpu), INTERRUPT_WATCHDOG);
+                       panic("Interrupt watchdog, "
+                               "cpu: %d interrupt: 0x%x time: %llu..%llu state: %p RIP: 0x%llx",
+                               cpu, cpu_int_num, cpu_int_event_time, now, cpu_int_state, cpu_rip);
+                       /* NOT REACHED */
+               } else if (__improbable(cpu_int_duration > (uint64_t) std_quantum)) {
+                       mp_interrupt_watchdog_events++;
+                       cpu_int_num = saved_state64(cpu_int_state)->isf.trapno;
+                       cpu_rip = saved_state64(cpu_int_state)->isf.rip;
+                       ml_set_interrupts_enabled(intrs_enabled);
+                       printf("Interrupt watchdog, "
+                               "cpu: %d interrupt: 0x%x time: %llu..%llu RIP: 0x%llx\n",
+                               cpu, cpu_int_num, cpu_int_event_time, now, cpu_rip);
+                       return;
+               }
+       }
+
+       ml_set_interrupts_enabled(intrs_enabled);
+}
+#endif
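Review bot: kernel_spin converts `spin_ns` into `spin_abs` with nanoseconds_to_absolutetime() and then never uses it: the deadline is `mach_absolute_time() + spin_ns`, which mixes nanoseconds with absolute-time units, and should be `deadline = mach_absolute_time() + spin_abs;`. In mp_interrupt_watchdog, `cpu_int_event_time` and `cpu_int_state` are read from another CPU's data without synchronisation and the state pointer is then dereferenced through `saved_state64()`. The in-line comment already admits the interrupt may have been dismissed, so the frame can be stale by the time `isf.trapno` and `isf.rip` are read. A comment stating that these reads are best-effort diagnostics, e.g. `/* Racy snapshot of a remote CPU's interrupt frame; values may be stale */`, would make that explicit.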