doc: Synchronous RCU grace periods are now legal throughout boot

This commit updates the "Early Boot" section of the RCU requirements to describe how synchronous RCU grace periods are now legal throughout the boot process. Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
author: Paul E. McKenney <paulmck@linux.vnet.ibm.com> 2017-01-15 18:18:22 -0500
committer: Paul E. McKenney <paulmck@linux.vnet.ibm.com> 2017-04-12 11:23:39 -0400
commit: f1387d770527b11c5467ed6b6b3d9c3e5aa12dd4 (patch)
tree: 3d71b42251a09621cabb90841ac84d949e63d094
parent: 4495c08e84729385774601b5146d51d9e5849f81 (diff)
1 files changed, 47 insertions, 34 deletions
diff --git a/Documentation/RCU/Design/Requirements/Requirements.html b/Documentation/RCU/Design/Requirements/Requirements.html
index 21593496aca6..999b3ed3444e 100644
--- a/Documentation/RCU/Design/Requirements/Requirements.html
+++ b/Documentation/RCU/Design/Requirements/Requirements.html
@@ -2154,7 +2154,8 @@ as will <tt>rcu_assign_pointer()</tt>.
 <p>
 Although <tt>call_rcu()</tt> may be invoked at any
 time during boot, callbacks are not guaranteed to be invoked until after
-the scheduler is fully up and running.
+all of RCU's kthreads have been spawned, which occurs at
+<tt>early_initcall()</tt> time.
 This delay in callback invocation is due to the fact that RCU does not
 invoke callbacks until it is fully initialized, and this full initialization
 cannot occur until after the scheduler has initialized itself to the
@@ -2167,8 +2168,10 @@ on what operations those callbacks could invoke.
 Perhaps surprisingly, <tt>synchronize_rcu()</tt>,
 <a href="#Bottom-Half Flavor"><tt>synchronize_rcu_bh()</tt></a>
 (<a href="#Bottom-Half Flavor">discussed below</a>),
-and
+<a href="#Sched Flavor"><tt>synchronize_sched()</tt></a>,
-<a href="#Sched Flavor"><tt>synchronize_sched()</tt></a>
+<tt>synchronize_rcu_expedited()</tt>,
+<tt>synchronize_rcu_bh_expedited()</tt>, and
+<tt>synchronize_sched_expedited()</tt>
 will all operate normally
 during very early boot, the reason being that there is only one CPU
 and preemption is disabled.
@@ -2178,45 +2181,55 @@ state and thus a grace period, so the early-boot implementation can
 be a no-op.
 <p>
-Both <tt>synchronize_rcu_bh()</tt> and <tt>synchronize_sched()</tt>
+However, once the scheduler has spawned its first kthread, this early
-continue to operate normally through the remainder of boot, courtesy
+boot trick fails for <tt>synchronize_rcu()</tt> (as well as for
-of the fact that preemption is disabled across their RCU read-side
+<tt>synchronize_rcu_expedited()</tt>) in <tt>CONFIG_PREEMPT=y</tt>
-critical sections and also courtesy of the fact that there is still
+kernels.
-only one CPU.
+The reason is that an RCU read-side critical section might be preempted,
-However, once the scheduler starts initializing, preemption is enabled.
+which means that a subsequent <tt>synchronize_rcu()</tt> really does have
-There is still only a single CPU, but the fact that preemption is enabled
+to wait for something, as opposed to simply returning immediately.
-means that the no-op implementation of <tt>synchronize_rcu()</tt> no
+Unfortunately, <tt>synchronize_rcu()</tt> can't do this until all of
-longer works in <tt>CONFIG_PREEMPT=y</tt> kernels.
+its kthreads are spawned, which doesn't happen until some time during
-Therefore, as soon as the scheduler starts initializing, the early-boot
+<tt>early_initcalls()</tt> time.
-fastpath is disabled.
+But this is no excuse:  RCU is nevertheless required to correctly handle
-This means that <tt>synchronize_rcu()</tt> switches to its runtime
+synchronous grace periods during this time period, which it currently does.
-mode of operation where it posts callbacks, which in turn means that
+Once all of its kthreads are up and running, RCU starts running
-any call to <tt>synchronize_rcu()</tt> will block until the corresponding
+normally.
-callback is invoked.
-Unfortunately, the callback cannot be invoked until RCU's runtime
-grace-period machinery is up and running, which cannot happen until
-the scheduler has initialized itself sufficiently to allow RCU's
-kthreads to be spawned.
-Therefore, invoking <tt>synchronize_rcu()</tt> during scheduler
-initialization can result in deadlock.
 <table>
 <tr><th>&nbsp;</th></tr>
 <tr><th align="left">Quick Quiz:</th></tr>
 <tr><td>
-        So what happens with <tt>synchronize_rcu()</tt> during
+        How can RCU possibly handle grace periods before all of its
-        scheduler initialization for <tt>CONFIG_PREEMPT=n</tt>
+        kthreads have been spawned???
-        kernels?
 </td></tr>
 <tr><th align="left">Answer:</th></tr>
 <tr><td bgcolor="#ffffff"><font color="ffffff">
-        In <tt>CONFIG_PREEMPT=n</tt> kernel, <tt>synchronize_rcu()</tt>
+        Very carefully!
-        maps directly to <tt>synchronize_sched()</tt>.
-        Therefore, <tt>synchronize_rcu()</tt> works normally throughout
+        <p>During the &ldquo;dead zone&rdquo; between the time that the
-        boot in <tt>CONFIG_PREEMPT=n</tt> kernels.
+        scheduler spawns the first task and the time that all of RCU's
-        However, your code must also work in <tt>CONFIG_PREEMPT=y</tt> kernels,
+        kthreads have been spawned, all synchronous grace periods are
-        so it is still necessary to avoid invoking <tt>synchronize_rcu()</tt>
+        handled by the expedited grace-period mechanism.
-        during scheduler initialization.
+        At runtime, this expedited mechanism relies on workqueues, but
+        during the dead zone the requesting task itself drives the
+        desired expedited grace period.
+        Because dead-zone execution takes place within task context,
+        everything works.
+        Once the dead zone ends, expedited grace periods go back to
+        using workqueues, as is required to avoid problems that would
+        otherwise occur when a user task received a POSIX signal while
+        driving an expedited grace period.
+        <p>And yes, this does mean that it is unhelpful to send POSIX
+        signals to random tasks between the time that the scheduler
+        spawns its first kthread and the time that RCU's kthreads
+        have all been spawned.
+        If there ever turns out to be a good reason for sending POSIX
+        signals during that time, appropriate adjustments will be made.
+        (If it turns out that POSIX signals are sent during this time for
+        no good reason, other adjustments will be made, appropriate
+        or otherwise.)
 </font></td></tr>
 <tr><td>&nbsp;</td></tr>
 </table>
author	Paul E. McKenney <paulmck@linux.vnet.ibm.com>	2017-01-15 18:18:22 -0500
committer	Paul E. McKenney <paulmck@linux.vnet.ibm.com>	2017-04-12 11:23:39 -0400
commit	f1387d770527b11c5467ed6b6b3d9c3e5aa12dd4 (patch)
tree	3d71b42251a09621cabb90841ac84d949e63d094
parent	4495c08e84729385774601b5146d51d9e5849f81 (diff)

diff --git a/Documentation/RCU/Design/Requirements/Requirements.html b/Documentation/RCU/Design/Requirements/Requirements.html index 21593496aca6..999b3ed3444e 100644 --- a/Documentation/RCU/Design/Requirements/Requirements.html +++ b/Documentation/RCU/Design/Requirements/Requirements.html
@@ -2154,7 +2154,8 @@ as will <tt>rcu_assign_pointer()</tt>.
2154	<p>	2154	<p>
2155	Although <tt>call_rcu()</tt> may be invoked at any	2155	Although <tt>call_rcu()</tt> may be invoked at any
2156	time during boot, callbacks are not guaranteed to be invoked until after	2156	time during boot, callbacks are not guaranteed to be invoked until after
2157	the scheduler is fully up and running.	2157	all of RCU's kthreads have been spawned, which occurs at
		2158	<tt>early_initcall()</tt> time.
2158	This delay in callback invocation is due to the fact that RCU does not	2159	This delay in callback invocation is due to the fact that RCU does not
2159	invoke callbacks until it is fully initialized, and this full initialization	2160	invoke callbacks until it is fully initialized, and this full initialization
2160	cannot occur until after the scheduler has initialized itself to the	2161	cannot occur until after the scheduler has initialized itself to the
@@ -2167,8 +2168,10 @@ on what operations those callbacks could invoke.
2167	Perhaps surprisingly, <tt>synchronize_rcu()</tt>,	2168	Perhaps surprisingly, <tt>synchronize_rcu()</tt>,
2168	<a href="#Bottom-Half Flavor"><tt>synchronize_rcu_bh()</tt></a>	2169	<a href="#Bottom-Half Flavor"><tt>synchronize_rcu_bh()</tt></a>
2169	(<a href="#Bottom-Half Flavor">discussed below</a>),	2170	(<a href="#Bottom-Half Flavor">discussed below</a>),
2170	and	2171	<a href="#Sched Flavor"><tt>synchronize_sched()</tt></a>,
2171	<a href="#Sched Flavor"><tt>synchronize_sched()</tt></a>	2172	<tt>synchronize_rcu_expedited()</tt>,
		2173	<tt>synchronize_rcu_bh_expedited()</tt>, and
		2174	<tt>synchronize_sched_expedited()</tt>
2172	will all operate normally	2175	will all operate normally
2173	during very early boot, the reason being that there is only one CPU	2176	during very early boot, the reason being that there is only one CPU
2174	and preemption is disabled.	2177	and preemption is disabled.
@@ -2178,45 +2181,55 @@ state and thus a grace period, so the early-boot implementation can
2178	be a no-op.	2181	be a no-op.
2179		2182
2180	<p>	2183	<p>
2181	Both <tt>synchronize_rcu_bh()</tt> and <tt>synchronize_sched()</tt>	2184	However, once the scheduler has spawned its first kthread, this early
2182	continue to operate normally through the remainder of boot, courtesy	2185	boot trick fails for <tt>synchronize_rcu()</tt> (as well as for
2183	of the fact that preemption is disabled across their RCU read-side	2186	<tt>synchronize_rcu_expedited()</tt>) in <tt>CONFIG_PREEMPT=y</tt>
2184	critical sections and also courtesy of the fact that there is still	2187	kernels.
2185	only one CPU.	2188	The reason is that an RCU read-side critical section might be preempted,
2186	However, once the scheduler starts initializing, preemption is enabled.	2189	which means that a subsequent <tt>synchronize_rcu()</tt> really does have
2187	There is still only a single CPU, but the fact that preemption is enabled	2190	to wait for something, as opposed to simply returning immediately.
2188	means that the no-op implementation of <tt>synchronize_rcu()</tt> no	2191	Unfortunately, <tt>synchronize_rcu()</tt> can't do this until all of
2189	longer works in <tt>CONFIG_PREEMPT=y</tt> kernels.	2192	its kthreads are spawned, which doesn't happen until some time during
2190	Therefore, as soon as the scheduler starts initializing, the early-boot	2193	<tt>early_initcalls()</tt> time.
2191	fastpath is disabled.	2194	But this is no excuse: RCU is nevertheless required to correctly handle
2192	This means that <tt>synchronize_rcu()</tt> switches to its runtime	2195	synchronous grace periods during this time period, which it currently does.
2193	mode of operation where it posts callbacks, which in turn means that	2196	Once all of its kthreads are up and running, RCU starts running
2194	any call to <tt>synchronize_rcu()</tt> will block until the corresponding	2197	normally.
2195	callback is invoked.
2196	Unfortunately, the callback cannot be invoked until RCU's runtime
2197	grace-period machinery is up and running, which cannot happen until
2198	the scheduler has initialized itself sufficiently to allow RCU's
2199	kthreads to be spawned.
2200	Therefore, invoking <tt>synchronize_rcu()</tt> during scheduler
2201	initialization can result in deadlock.
2202		2198
2203	<table>	2199	<table>
2204	<tr><th> </th></tr>	2200	<tr><th> </th></tr>
2205	<tr><th align="left">Quick Quiz:</th></tr>	2201	<tr><th align="left">Quick Quiz:</th></tr>
2206	<tr><td>	2202	<tr><td>
2207	So what happens with <tt>synchronize_rcu()</tt> during	2203	How can RCU possibly handle grace periods before all of its
2208	scheduler initialization for <tt>CONFIG_PREEMPT=n</tt>	2204	kthreads have been spawned???
2209	kernels?
2210	</td></tr>	2205	</td></tr>
2211	<tr><th align="left">Answer:</th></tr>	2206	<tr><th align="left">Answer:</th></tr>
2212	<tr><td bgcolor="#ffffff"><font color="ffffff">	2207	<tr><td bgcolor="#ffffff"><font color="ffffff">
2213	In <tt>CONFIG_PREEMPT=n</tt> kernel, <tt>synchronize_rcu()</tt>	2208	Very carefully!
2214	maps directly to <tt>synchronize_sched()</tt>.	2209
2215	Therefore, <tt>synchronize_rcu()</tt> works normally throughout	2210	<p>During the “dead zone” between the time that the
2216	boot in <tt>CONFIG_PREEMPT=n</tt> kernels.	2211	scheduler spawns the first task and the time that all of RCU's
2217	However, your code must also work in <tt>CONFIG_PREEMPT=y</tt> kernels,	2212	kthreads have been spawned, all synchronous grace periods are
2218	so it is still necessary to avoid invoking <tt>synchronize_rcu()</tt>	2213	handled by the expedited grace-period mechanism.
2219	during scheduler initialization.	2214	At runtime, this expedited mechanism relies on workqueues, but
		2215	during the dead zone the requesting task itself drives the
		2216	desired expedited grace period.
		2217	Because dead-zone execution takes place within task context,
		2218	everything works.
		2219	Once the dead zone ends, expedited grace periods go back to
		2220	using workqueues, as is required to avoid problems that would
		2221	otherwise occur when a user task received a POSIX signal while
		2222	driving an expedited grace period.
		2223
		2224	<p>And yes, this does mean that it is unhelpful to send POSIX
		2225	signals to random tasks between the time that the scheduler
		2226	spawns its first kthread and the time that RCU's kthreads
		2227	have all been spawned.
		2228	If there ever turns out to be a good reason for sending POSIX
		2229	signals during that time, appropriate adjustments will be made.
		2230	(If it turns out that POSIX signals are sent during this time for
		2231	no good reason, other adjustments will be made, appropriate
		2232	or otherwise.)
2220	</font></td></tr>	2233	</font></td></tr>
2221	<tr><td> </td></tr>	2234	<tr><td> </td></tr>
2222	</table>	2235	</table>