+
+/*
+ * XXX assuming current thread only, for now...
+ */
+void
+thread_guard_violation(thread_t thread,
+ mach_exception_data_type_t code, mach_exception_data_type_t subcode)
+{
+ assert(thread == current_thread());
+ assert(thread->task != kernel_task);
+
+ spl_t s = splsched();
+ /*
+ * Use the saved state area of the thread structure
+ * to store all info required to handle the AST when
+ * returning to userspace
+ */
+ assert(EXC_GUARD_DECODE_GUARD_TYPE(code));
+ thread->guard_exc_info.code = code;
+ thread->guard_exc_info.subcode = subcode;
+ thread_ast_set(thread, AST_GUARD);
+ ast_propagate(thread);
+
+ splx(s);
+}
+
+/*
+ * guard_ast:
+ *
+ * Handle AST_GUARD for a thread. This routine looks at the
+ * state saved in the thread structure to determine the cause
+ * of this exception. Based on this value, it invokes the
+ * appropriate routine which determines other exception related
+ * info and raises the exception.
+ */
+void
+guard_ast(thread_t t)
+{
+ const mach_exception_data_type_t
+ code = t->guard_exc_info.code,
+ subcode = t->guard_exc_info.subcode;
+
+ switch (EXC_GUARD_DECODE_GUARD_TYPE(code)) {
+ case GUARD_TYPE_MACH_PORT:
+ mach_port_guard_ast(t, code, subcode);
+ break;
+ case GUARD_TYPE_FD:
+ fd_guard_ast(t, code, subcode);
+ break;
+#if CONFIG_VNGUARD
+ case GUARD_TYPE_VN:
+ vn_guard_ast(t, code, subcode);
+ break;
+#endif
+ default:
+ panic("guard_exc_info %llx %llx", code, subcode);
+ }
+}
+
+static void
+thread_cputime_callback(int warning, __unused const void *arg0, __unused const void *arg1)
+{
+ if (warning == LEDGER_WARNING_ROSE_ABOVE) {
+#if CONFIG_TELEMETRY
+ /*
+ * This thread is in danger of violating the CPU usage monitor. Enable telemetry
+ * on the entire task so there are micro-stackshots available if and when
+ * EXC_RESOURCE is triggered. We could have chosen to enable micro-stackshots
+ * for this thread only; but now that this task is suspect, knowing what all of
+ * its threads are up to will be useful.
+ */
+ telemetry_task_ctl(current_task(), TF_CPUMON_WARNING, 1);
+#endif
+ return;
+ }
+
+#if CONFIG_TELEMETRY
+ /*
+ * If the balance has dipped below the warning level (LEDGER_WARNING_DIPPED_BELOW) or
+ * exceeded the limit, turn telemetry off for the task.
+ */
+ telemetry_task_ctl(current_task(), TF_CPUMON_WARNING, 0);
+#endif
+
+ if (warning == 0) {
+ SENDING_NOTIFICATION__THIS_THREAD_IS_CONSUMING_TOO_MUCH_CPU();
+ }
+}
+
+void __attribute__((noinline))
+SENDING_NOTIFICATION__THIS_THREAD_IS_CONSUMING_TOO_MUCH_CPU(void)
+{
+ int pid = 0;
+ task_t task = current_task();
+ thread_t thread = current_thread();
+ uint64_t tid = thread->thread_id;
+ const char *procname = "unknown";
+ time_value_t thread_total_time = {0, 0};
+ time_value_t thread_system_time;
+ time_value_t thread_user_time;
+ int action;
+ uint8_t percentage;
+ uint32_t usage_percent = 0;
+ uint32_t interval_sec;
+ uint64_t interval_ns;
+ uint64_t balance_ns;
+ boolean_t fatal = FALSE;
+ boolean_t send_exc_resource = TRUE; /* in addition to RESOURCE_NOTIFY */
+ kern_return_t kr;
+
+#ifdef EXC_RESOURCE_MONITORS
+ mach_exception_data_type_t code[EXCEPTION_CODE_MAX];
+#endif /* EXC_RESOURCE_MONITORS */
+ struct ledger_entry_info lei;
+
+ assert(thread->t_threadledger != LEDGER_NULL);
+
+ /*
+ * Extract the fatal bit and suspend the monitor (which clears the bit).
+ */
+ task_lock(task);
+ if (task->rusage_cpu_flags & TASK_RUSECPU_FLAGS_FATAL_CPUMON) {
+ fatal = TRUE;
+ send_exc_resource = TRUE;
+ }
+ /* Only one thread can be here at a time. Whichever makes it through
+ first will successfully suspend the monitor and proceed to send the
+ notification. Other threads will get an error trying to suspend the
+ monitor and give up on sending the notification. In the first release,
+ the monitor won't be resumed for a number of seconds, but we may
+ eventually need to handle low-latency resume.
+ */
+ kr = task_suspend_cpumon(task);
+ task_unlock(task);
+ if (kr == KERN_INVALID_ARGUMENT) return;
+
+#ifdef MACH_BSD
+ pid = proc_selfpid();
+ if (task->bsd_info != NULL) {
+ procname = proc_name_address(task->bsd_info);
+ }
+#endif
+
+ thread_get_cpulimit(&action, &percentage, &interval_ns);
+
+ interval_sec = (uint32_t)(interval_ns / NSEC_PER_SEC);
+
+ thread_read_times(thread, &thread_user_time, &thread_system_time);
+ time_value_add(&thread_total_time, &thread_user_time);
+ time_value_add(&thread_total_time, &thread_system_time);
+ ledger_get_entry_info(thread->t_threadledger, thread_ledgers.cpu_time, &lei);
+
+ /* credit/debit/balance/limit are in absolute time units;
+ the refill info is in nanoseconds. */
+ absolutetime_to_nanoseconds(lei.lei_balance, &balance_ns);
+ if (lei.lei_last_refill > 0) {
+ usage_percent = (uint32_t)((balance_ns*100ULL) / lei.lei_last_refill);
+ }
+
+ /* TODO: show task total runtime (via TASK_ABSOLUTETIME_INFO)? */
+ printf("process %s[%d] thread %llu caught burning CPU! "
+ "It used more than %d%% CPU over %u seconds "
+ "(actual recent usage: %d%% over ~%llu seconds). "
+ "Thread lifetime cpu usage %d.%06ds, (%d.%06d user, %d.%06d sys) "
+ "ledger balance: %lld mabs credit: %lld mabs debit: %lld mabs "
+ "limit: %llu mabs period: %llu ns last refill: %llu ns%s.\n",
+ procname, pid, tid,
+ percentage, interval_sec,
+ usage_percent,
+ (lei.lei_last_refill + NSEC_PER_SEC/2) / NSEC_PER_SEC,
+ thread_total_time.seconds, thread_total_time.microseconds,
+ thread_user_time.seconds, thread_user_time.microseconds,
+ thread_system_time.seconds,thread_system_time.microseconds,
+ lei.lei_balance, lei.lei_credit, lei.lei_debit,
+ lei.lei_limit, lei.lei_refill_period, lei.lei_last_refill,
+ (fatal ? " [fatal violation]" : ""));
+
+ /*
+ For now, send RESOURCE_NOTIFY in parallel with EXC_RESOURCE. Once
+ we have logging parity, we will stop sending EXC_RESOURCE (24508922).
+ */
+
+ /* RESOURCE_NOTIFY MIG specifies nanoseconds of CPU time */
+ lei.lei_balance = balance_ns;
+ absolutetime_to_nanoseconds(lei.lei_limit, &lei.lei_limit);
+ trace_resource_violation(RMON_CPUUSAGE_VIOLATED, &lei);
+ kr = send_resource_violation(send_cpu_usage_violation, task, &lei,
+ fatal ? kRNFatalLimitFlag : 0);
+ if (kr) {
+ printf("send_resource_violation(CPU usage, ...): error %#x\n", kr);
+ }
+
+#ifdef EXC_RESOURCE_MONITORS
+ if (send_exc_resource) {
+ if (disable_exc_resource) {
+ printf("process %s[%d] thread %llu caught burning CPU! "
+ "EXC_RESOURCE%s supressed by a boot-arg\n",
+ procname, pid, tid, fatal ? " (and termination)" : "");
+ return;
+ }
+
+ if (audio_active) {
+ printf("process %s[%d] thread %llu caught burning CPU! "
+ "EXC_RESOURCE & termination supressed due to audio playback\n",
+ procname, pid, tid);
+ return;
+ }
+ }
+
+
+ if (send_exc_resource) {
+ code[0] = code[1] = 0;
+ EXC_RESOURCE_ENCODE_TYPE(code[0], RESOURCE_TYPE_CPU);
+ if (fatal) {
+ EXC_RESOURCE_ENCODE_FLAVOR(code[0], FLAVOR_CPU_MONITOR_FATAL);
+ }else {
+ EXC_RESOURCE_ENCODE_FLAVOR(code[0], FLAVOR_CPU_MONITOR);
+ }
+ EXC_RESOURCE_CPUMONITOR_ENCODE_INTERVAL(code[0], interval_sec);
+ EXC_RESOURCE_CPUMONITOR_ENCODE_PERCENTAGE(code[0], percentage);
+ EXC_RESOURCE_CPUMONITOR_ENCODE_PERCENTAGE(code[1], usage_percent);
+ exception_triage(EXC_RESOURCE, code, EXCEPTION_CODE_MAX);
+ }
+#endif /* EXC_RESOURCE_MONITORS */
+
+ if (fatal) {
+#if CONFIG_JETSAM
+ jetsam_on_ledger_cpulimit_exceeded();
+#else
+ task_terminate_internal(task);
+#endif
+ }
+}
+
+void thread_update_io_stats(thread_t thread, int size, int io_flags)
+{
+ int io_tier;
+
+ if (thread->thread_io_stats == NULL || thread->task->task_io_stats == NULL)
+ return;
+
+ if (io_flags & DKIO_READ) {
+ UPDATE_IO_STATS(thread->thread_io_stats->disk_reads, size);
+ UPDATE_IO_STATS_ATOMIC(thread->task->task_io_stats->disk_reads, size);
+ }
+
+ if (io_flags & DKIO_META) {
+ UPDATE_IO_STATS(thread->thread_io_stats->metadata, size);
+ UPDATE_IO_STATS_ATOMIC(thread->task->task_io_stats->metadata, size);
+ }
+
+ if (io_flags & DKIO_PAGING) {
+ UPDATE_IO_STATS(thread->thread_io_stats->paging, size);
+ UPDATE_IO_STATS_ATOMIC(thread->task->task_io_stats->paging, size);
+ }
+
+ io_tier = ((io_flags & DKIO_TIER_MASK) >> DKIO_TIER_SHIFT);
+ assert (io_tier < IO_NUM_PRIORITIES);
+
+ UPDATE_IO_STATS(thread->thread_io_stats->io_priority[io_tier], size);
+ UPDATE_IO_STATS_ATOMIC(thread->task->task_io_stats->io_priority[io_tier], size);
+
+ /* Update Total I/O Counts */
+ UPDATE_IO_STATS(thread->thread_io_stats->total_io, size);
+ UPDATE_IO_STATS_ATOMIC(thread->task->task_io_stats->total_io, size);
+
+ if (!(io_flags & DKIO_READ)) {
+ DTRACE_IO3(physical_writes, struct task *, thread->task, uint32_t, size, int, io_flags);
+ ledger_credit(thread->task->ledger, task_ledgers.physical_writes, size);
+ }
+}
+
+static void
+init_thread_ledgers(void) {
+ ledger_template_t t;
+ int idx;
+
+ assert(thread_ledger_template == NULL);
+
+ if ((t = ledger_template_create("Per-thread ledger")) == NULL)
+ panic("couldn't create thread ledger template");
+
+ if ((idx = ledger_entry_add(t, "cpu_time", "sched", "ns")) < 0) {
+ panic("couldn't create cpu_time entry for thread ledger template");
+ }
+
+ if (ledger_set_callback(t, idx, thread_cputime_callback, NULL, NULL) < 0) {
+ panic("couldn't set thread ledger callback for cpu_time entry");
+ }
+
+ thread_ledgers.cpu_time = idx;
+
+ ledger_template_complete(t);
+ thread_ledger_template = t;
+}
+
+/*
+ * Returns currently applied CPU usage limit, or 0/0 if none is applied.
+ */
+int
+thread_get_cpulimit(int *action, uint8_t *percentage, uint64_t *interval_ns)
+{
+ int64_t abstime = 0;
+ uint64_t limittime = 0;
+ thread_t thread = current_thread();
+
+ *percentage = 0;
+ *interval_ns = 0;
+ *action = 0;
+
+ if (thread->t_threadledger == LEDGER_NULL) {
+ /*
+ * This thread has no per-thread ledger, so it can't possibly
+ * have a CPU limit applied.
+ */
+ return (KERN_SUCCESS);
+ }
+
+ ledger_get_period(thread->t_threadledger, thread_ledgers.cpu_time, interval_ns);
+ ledger_get_limit(thread->t_threadledger, thread_ledgers.cpu_time, &abstime);
+
+ if ((abstime == LEDGER_LIMIT_INFINITY) || (*interval_ns == 0)) {
+ /*
+ * This thread's CPU time ledger has no period or limit; so it
+ * doesn't have a CPU limit applied.
+ */
+ return (KERN_SUCCESS);
+ }
+
+ /*
+ * This calculation is the converse to the one in thread_set_cpulimit().
+ */
+ absolutetime_to_nanoseconds(abstime, &limittime);
+ *percentage = (limittime * 100ULL) / *interval_ns;
+ assert(*percentage <= 100);
+
+ if (thread->options & TH_OPT_PROC_CPULIMIT) {
+ assert((thread->options & TH_OPT_PRVT_CPULIMIT) == 0);
+
+ *action = THREAD_CPULIMIT_BLOCK;
+ } else if (thread->options & TH_OPT_PRVT_CPULIMIT) {
+ assert((thread->options & TH_OPT_PROC_CPULIMIT) == 0);
+
+ *action = THREAD_CPULIMIT_EXCEPTION;
projects / apple / xnu.git / blobdiff