diff options
Diffstat (limited to 'Documentation/RCU/checklist.txt')
-rw-r--r-- | Documentation/RCU/checklist.txt | 89 |
1 files changed, 60 insertions, 29 deletions
diff --git a/Documentation/RCU/checklist.txt b/Documentation/RCU/checklist.txt index 42b01bc2e1b4..cf5562cbe356 100644 --- a/Documentation/RCU/checklist.txt +++ b/Documentation/RCU/checklist.txt | |||
@@ -13,10 +13,13 @@ over a rather long period of time, but improvements are always welcome! | |||
13 | detailed performance measurements show that RCU is nonetheless | 13 | detailed performance measurements show that RCU is nonetheless |
14 | the right tool for the job. | 14 | the right tool for the job. |
15 | 15 | ||
16 | The other exception would be where performance is not an issue, | 16 | Another exception is where performance is not an issue, and RCU |
17 | and RCU provides a simpler implementation. An example of this | 17 | provides a simpler implementation. An example of this situation |
18 | situation is the dynamic NMI code in the Linux 2.6 kernel, | 18 | is the dynamic NMI code in the Linux 2.6 kernel, at least on |
19 | at least on architectures where NMIs are rare. | 19 | architectures where NMIs are rare. |
20 | |||
21 | Yet another exception is where the low real-time latency of RCU's | ||
22 | read-side primitives is critically important. | ||
20 | 23 | ||
21 | 1. Does the update code have proper mutual exclusion? | 24 | 1. Does the update code have proper mutual exclusion? |
22 | 25 | ||
@@ -39,9 +42,10 @@ over a rather long period of time, but improvements are always welcome! | |||
39 | 42 | ||
40 | 2. Do the RCU read-side critical sections make proper use of | 43 | 2. Do the RCU read-side critical sections make proper use of |
41 | rcu_read_lock() and friends? These primitives are needed | 44 | rcu_read_lock() and friends? These primitives are needed |
42 | to suppress preemption (or bottom halves, in the case of | 45 | to prevent grace periods from ending prematurely, which |
43 | rcu_read_lock_bh()) in the read-side critical sections, | 46 | could result in data being unceremoniously freed out from |
44 | and are also an excellent aid to readability. | 47 | under your read-side code, which can greatly increase the |
48 | actuarial risk of your kernel. | ||
45 | 49 | ||
46 | As a rough rule of thumb, any dereference of an RCU-protected | 50 | As a rough rule of thumb, any dereference of an RCU-protected |
47 | pointer must be covered by rcu_read_lock() or rcu_read_lock_bh() | 51 | pointer must be covered by rcu_read_lock() or rcu_read_lock_bh() |
@@ -54,15 +58,30 @@ over a rather long period of time, but improvements are always welcome! | |||
54 | be running while updates are in progress. There are a number | 58 | be running while updates are in progress. There are a number |
55 | of ways to handle this concurrency, depending on the situation: | 59 | of ways to handle this concurrency, depending on the situation: |
56 | 60 | ||
57 | a. Make updates appear atomic to readers. For example, | 61 | a. Use the RCU variants of the list and hlist update |
62 | primitives to add, remove, and replace elements on an | ||
63 | RCU-protected list. Alternatively, use the RCU-protected | ||
64 | trees that have been added to the Linux kernel. | ||
65 | |||
66 | This is almost always the best approach. | ||
67 | |||
68 | b. Proceed as in (a) above, but also maintain per-element | ||
69 | locks (that are acquired by both readers and writers) | ||
70 | that guard per-element state. Of course, fields that | ||
71 | the readers refrain from accessing can be guarded by the | ||
72 | update-side lock. | ||
73 | |||
74 | This works quite well, also. | ||
75 | |||
76 | c. Make updates appear atomic to readers. For example, | ||
58 | pointer updates to properly aligned fields will appear | 77 | pointer updates to properly aligned fields will appear |
59 | atomic, as will individual atomic primitives. Operations | 78 | atomic, as will individual atomic primitives. Operations |
60 | performed under a lock and sequences of multiple atomic | 79 | performed under a lock and sequences of multiple atomic |
61 | primitives will -not- appear to be atomic. | 80 | primitives will -not- appear to be atomic. |
62 | 81 | ||
63 | This is almost always the best approach. | 82 | This can work, but is starting to get a bit tricky. |
64 | 83 | ||
65 | b. Carefully order the updates and the reads so that | 84 | d. Carefully order the updates and the reads so that |
66 | readers see valid data at all phases of the update. | 85 | readers see valid data at all phases of the update. |
67 | This is often more difficult than it sounds, especially | 86 | This is often more difficult than it sounds, especially |
68 | given modern CPUs' tendency to reorder memory references. | 87 | given modern CPUs' tendency to reorder memory references. |
@@ -123,18 +142,22 @@ over a rather long period of time, but improvements are always welcome! | |||
123 | when publicizing a pointer to a structure that can | 142 | when publicizing a pointer to a structure that can |
124 | be traversed by an RCU read-side critical section. | 143 | be traversed by an RCU read-side critical section. |
125 | 144 | ||
126 | 5. If call_rcu(), or a related primitive such as call_rcu_bh(), | 145 | 5. If call_rcu(), or a related primitive such as call_rcu_bh() or |
127 | is used, the callback function must be written to be called | 146 | call_rcu_sched(), is used, the callback function must be |
128 | from softirq context. In particular, it cannot block. | 147 | written to be called from softirq context. In particular, |
148 | it cannot block. | ||
129 | 149 | ||
130 | 6. Since synchronize_rcu() can block, it cannot be called from | 150 | 6. Since synchronize_rcu() can block, it cannot be called from |
131 | any sort of irq context. | 151 | any sort of irq context. Ditto for synchronize_sched() and |
152 | synchronize_srcu(). | ||
132 | 153 | ||
133 | 7. If the updater uses call_rcu(), then the corresponding readers | 154 | 7. If the updater uses call_rcu(), then the corresponding readers |
134 | must use rcu_read_lock() and rcu_read_unlock(). If the updater | 155 | must use rcu_read_lock() and rcu_read_unlock(). If the updater |
135 | uses call_rcu_bh(), then the corresponding readers must use | 156 | uses call_rcu_bh(), then the corresponding readers must use |
136 | rcu_read_lock_bh() and rcu_read_unlock_bh(). Mixing things up | 157 | rcu_read_lock_bh() and rcu_read_unlock_bh(). If the updater |
137 | will result in confusion and broken kernels. | 158 | uses call_rcu_sched(), then the corresponding readers must |
159 | disable preemption. Mixing things up will result in confusion | ||
160 | and broken kernels. | ||
138 | 161 | ||
139 | One exception to this rule: rcu_read_lock() and rcu_read_unlock() | 162 | One exception to this rule: rcu_read_lock() and rcu_read_unlock() |
140 | may be substituted for rcu_read_lock_bh() and rcu_read_unlock_bh() | 163 | may be substituted for rcu_read_lock_bh() and rcu_read_unlock_bh() |
@@ -143,9 +166,9 @@ over a rather long period of time, but improvements are always welcome! | |||
143 | such cases is a must, of course! And the jury is still out on | 166 | such cases is a must, of course! And the jury is still out on |
144 | whether the increased speed is worth it. | 167 | whether the increased speed is worth it. |
145 | 168 | ||
146 | 8. Although synchronize_rcu() is a bit slower than is call_rcu(), | 169 | 8. Although synchronize_rcu() is slower than is call_rcu(), it |
147 | it usually results in simpler code. So, unless update | 170 | usually results in simpler code. So, unless update performance |
148 | performance is critically important or the updaters cannot block, | 171 | is critically important or the updaters cannot block, |
149 | synchronize_rcu() should be used in preference to call_rcu(). | 172 | synchronize_rcu() should be used in preference to call_rcu(). |
150 | 173 | ||
151 | An especially important property of the synchronize_rcu() | 174 | An especially important property of the synchronize_rcu() |
@@ -187,23 +210,23 @@ over a rather long period of time, but improvements are always welcome! | |||
187 | number of updates per grace period. | 210 | number of updates per grace period. |
188 | 211 | ||
189 | 9. All RCU list-traversal primitives, which include | 212 | 9. All RCU list-traversal primitives, which include |
190 | list_for_each_rcu(), list_for_each_entry_rcu(), | 213 | rcu_dereference(), list_for_each_rcu(), list_for_each_entry_rcu(), |
191 | list_for_each_continue_rcu(), and list_for_each_safe_rcu(), | 214 | list_for_each_continue_rcu(), and list_for_each_safe_rcu(), |
192 | must be within an RCU read-side critical section. RCU | 215 | must be either within an RCU read-side critical section or |
216 | must be protected by appropriate update-side locks. RCU | ||
193 | read-side critical sections are delimited by rcu_read_lock() | 217 | read-side critical sections are delimited by rcu_read_lock() |
194 | and rcu_read_unlock(), or by similar primitives such as | 218 | and rcu_read_unlock(), or by similar primitives such as |
195 | rcu_read_lock_bh() and rcu_read_unlock_bh(). | 219 | rcu_read_lock_bh() and rcu_read_unlock_bh(). |
196 | 220 | ||
197 | Use of the _rcu() list-traversal primitives outside of an | 221 | The reason that it is permissible to use RCU list-traversal |
198 | RCU read-side critical section causes no harm other than | 222 | primitives when the update-side lock is held is that doing so |
199 | a slight performance degradation on Alpha CPUs. It can | 223 | can be quite helpful in reducing code bloat when common code is |
200 | also be quite helpful in reducing code bloat when common | 224 | shared between readers and updaters. |
201 | code is shared between readers and updaters. | ||
202 | 225 | ||
203 | 10. Conversely, if you are in an RCU read-side critical section, | 226 | 10. Conversely, if you are in an RCU read-side critical section, |
204 | you -must- use the "_rcu()" variants of the list macros. | 227 | and you don't hold the appropriate update-side lock, you -must- |
205 | Failing to do so will break Alpha and confuse people reading | 228 | use the "_rcu()" variants of the list macros. Failing to do so |
206 | your code. | 229 | will break Alpha and confuse people reading your code. |
207 | 230 | ||
208 | 11. Note that synchronize_rcu() -only- guarantees to wait until | 231 | 11. Note that synchronize_rcu() -only- guarantees to wait until |
209 | all currently executing rcu_read_lock()-protected RCU read-side | 232 | all currently executing rcu_read_lock()-protected RCU read-side |
@@ -230,6 +253,14 @@ over a rather long period of time, but improvements are always welcome! | |||
230 | must use whatever locking or other synchronization is required | 253 | must use whatever locking or other synchronization is required |
231 | to safely access and/or modify that data structure. | 254 | to safely access and/or modify that data structure. |
232 | 255 | ||
256 | RCU callbacks are -usually- executed on the same CPU that executed | ||
257 | the corresponding call_rcu(), call_rcu_bh(), or call_rcu_sched(), | ||
258 | but are by -no- means guaranteed to be. For example, if a given | ||
259 | CPU goes offline while having an RCU callback pending, then that | ||
260 | RCU callback will execute on some surviving CPU. (If this was | ||
261 | not the case, a self-spawning RCU callback would prevent the | ||
262 | victim CPU from ever going offline.) | ||
263 | |||
233 | 14. SRCU (srcu_read_lock(), srcu_read_unlock(), and synchronize_srcu()) | 264 | 14. SRCU (srcu_read_lock(), srcu_read_unlock(), and synchronize_srcu()) |
234 | may only be invoked from process context. Unlike other forms of | 265 | may only be invoked from process context. Unlike other forms of |
235 | RCU, it -is- permissible to block in an SRCU read-side critical | 266 | RCU, it -is- permissible to block in an SRCU read-side critical |