Lines Matching refs:the
3 # Licensed under the GNU Free Documentation License, Version 1.2
9 This document tries to describe the design of the rtmutex.c implementation.
10 It doesn't describe the reasons why rtmutex.c exists. For that please see
12 that happen without this code, but that is in the concept to understand
13 what the code actually is doing.
15 The goal of this document is to help others understand the priority
16 inheritance (PI) algorithm that is used, as well as reasons for the
17 decisions that were made to implement PI in the manner that was done.
25 most of the time it can't be helped. Anytime a high priority process wants
27 the high priority process must wait until the lower priority process is done
28 with the resource. This is a priority inversion. What we want to prevent
29 is something called unbounded priority inversion. That is when the high
34 processes, let's call them processes A, B, and C, where A is the highest
35 priority process, C is the lowest, and B is in between. A tries to grab a lock
36 that C owns and must wait and lets C run to release the lock. But in the
40 to release the lock, because for all we know, B is a CPU hog and will
41 never give C a chance to release the lock. This is called unbounded priority
44 Here's a little ASCII art to show the problem.
63 PI is where a process inherits the priority of another process if the other
64 process blocks on a lock owned by the current process. To make this easier
65 to understand, let's use the previous example, with processes A, B, and C again.
67 This time, when A blocks on the lock owned by C, C would inherit the priority
69 the high priority of A. As soon as C releases the lock, it loses its
70 inherited priority, and A then can continue with the resource that C had.
76 the design that is used to implement PI.
84 PI and spin locks that are used in the PI code, from now on
85 the PI locks will be called a mutex.
87 lock - In this document from now on, I will use the term lock when
88 referring to spin locks that are used to protect parts of the PI
95 waiter - A waiter is a struct that is stored on the stack of a blocked
96 process. Since the scope of the waiter is within the code for
97 a process being blocked on the mutex, it is fine to allocate
98 the waiter on the process's stack (local variable). This
99 structure holds a pointer to the task, as well as the mutex that
100 the task is blocked on. It also has the plist node structures to
101 place the task in the waiter_list of a mutex as well as the
104 waiter is sometimes used in reference to the task that is waiting
105 on a mutex. This is the same as waiter->task.
111 top pi waiter - The highest priority process waiting on one of the mutexes
152 one, the chains merge.
162 For PI to work, the processes at the right end of these chains (or we may
163 also call it the Top of the chain) must be equal to or higher in priority
164 than the processes to the left or below in the chain.
172 And once again, to show how this can grow I will show the merging chains
186 Before I go further and talk about how the PI chain is stored through lists
187 on both mutexes and processes, I'll explain the plist. This is similar to
188 the struct list_head functionality that is already in the kernel.
192 There are a few differences between plist and list, the most important one
193 being that plist is a priority sorted linked list. This means that the
194 priorities of the plist are sorted, such that it takes O(1) to retrieve the
195 highest priority item in the list. Obviously this is useful to store processes
199 list, the head of the list is a different element than the nodes of a list.
200 So the head of the list is declared as struct plist_head and nodes that will
201 be added to the list are declared as struct plist_node.
207 Every mutex keeps track of all the waiters that are blocked on itself. The mutex
209 a spin lock that is located in the struct of the mutex. This lock is called
210 wait_lock. Since the modification of the waiter list is never done in
211 interrupt context, the wait_lock can be taken without disabling interrupts.
217 To keep track of the PI chains, each process has its own PI list. This is
218 a list of all top waiters of the mutexes that are owned by the process.
219 Note that this list only holds the top waiters and not all waiters that are
220 blocked on mutexes owned by the process.
222 The top of the task's PI list is always the highest priority task that
223 is waiting on a mutex that is owned by the task. So if the task has
224 inherited a priority, it will always be the priority of the task that is
225 at the top of this list.
227 This list is stored in the task structure of a process as a plist called
228 pi_list. This list is protected by a spin lock also in the task structure,
230 locking the pi_lock, interrupts must be disabled.
233 Depth of the PI Chain
236 The maximum depth of the PI chain is not dynamic, and could actually be
238 the nesting of mutexes. Let's look at the example where we have 3 mutexes,
286 in func4 in the "do something again" area, we have a locking that follows:
295 And thus we have the chain A->L1->B->L2->C->L3->D.
297 This gives us a PI depth of 4 (four processes), but looking at any of the
299 depth of two. So, although the locking depth is defined at compile time,
300 it still is very difficult to find the possibilities of that depth.
304 PI chain, and have the code holding spin locks while looking at a large
305 amount of data. So to prevent this, the implementation not only implements
307 time, as it walks the PI chain. More about this below.
313 The mutex structure contains a pointer to the owner of the mutex. If the
315 have the task structure on at least a four byte alignment (and if this is
316 not true, the rtmutex.c code will be broken!), this allows for the two
320 Bit 0 is used as the "Pending Owner" flag. This is described later.
321 Bit 1 is used as the "Has Waiters" flags. This is also described later
329 is used (when applicable) to keep the fast path of grabbing and releasing
332 cmpxchg is basically the following function performed atomically:
345 if the variable is what you expect it to be. You know if it succeeded if
346 the return value (the old value of A) is equal to B.
349 the architecture does not support CMPXCHG, then this macro is simply set
351 help out extremely to keep the fast path short.
353 The use of rt_mutex_cmpxchg with the flags in the owner field help optimize
354 the system for architectures that support it. This will also be explained
361 The implementation of the PI code in rtmutex.c has several places that a
362 process must adjust its priority. With the help of the pi_list of a
365 The functions implementing the task adjustments are rt_mutex_adjust_prio,
366 __rt_mutex_adjust_prio (same as the former, but expects the task pi_lock
371 rt_mutex_getprio returns the priority that the task should have. Either the
373 a mutex owned by the task, then that higher priority should be returned.
374 Since the pi_list of a task holds an order by priority list of all the top
375 waiters of all the mutexes that the task owns, rt_mutex_getprio simply needs
376 to compare the top pi waiter to its own normal priority, and return the higher
379 (Note: if looking at the code, you will notice that the lower number of
380 prio is returned. This is because the prio field in the task structure
381 is an inverse order of the actual priority. So a "prio" of 5 is
384 __rt_mutex_adjust_prio examines the result of rt_mutex_getprio, and if the
385 result does not equal the task's current priority, then rt_mutex_setprio
386 is called to adjust the priority of the task to the new priority.
387 Note that rt_mutex_setprio is defined in kernel/sched/core.c to implement the
391 or decrease the priority of the task. In the case that a higher priority
392 process has just blocked on a mutex owned by the task, __rt_mutex_adjust_prio
393 would increase/boost the task's priority. But if a higher priority task
394 were for some reason to leave the mutex (timeout or signal), this same function
395 would decrease/unboost the priority of the task. That is because the pi_list
396 always contains the highest priority task that is waiting on a mutex owned
397 by the task, so we only need to compare the priority of that top pi waiter
398 to the normal priority of the given task.
401 High level overview of the PI chain walk
404 The PI chain walk is implemented by the function rt_mutex_adjust_prio_chain.
407 with what we believe is the best. It walks the PI chain by only grabbing
414 (de)boosting (the owner of a mutex that a process is blocking on), a flag to
415 check for deadlocking, the mutex that the task owns, and a pointer to a waiter
416 that is the process's waiter struct that is blocked on the mutex (although this
423 that the state of the owner and lock can change when entered into this function.
425 Before this function is called, the task has already had rt_mutex_adjust_prio
426 performed on it. This means that the task is set to the priority that it
427 should be at, but the plist nodes of the task's waiter have not been updated
428 with the new priorities, and that this task may not be in the proper locations
429 in the pi_lists and wait_lists that the task is blocked on. This function
432 A loop is entered, where task is the owner to be checked for PI changes that
433 was passed by parameter (for the first iteration). The pi_lock of this task is
434 taken to prevent any more changes to the pi_list of the task. This also
435 prevents new tasks from completing the blocking on a mutex that is owned by this
438 If the task is not blocked on a mutex then the loop is exited. We are at
439 the top of the PI chain.
441 A check is now done to see if the original waiter (the process that is blocked
442 on the current mutex) is the top pi waiter of the task. That is, is this
443 waiter on the top of the task's pi_list. If it is not, it either means that
444 there is another process higher in priority that is blocked on one of the
445 mutexes that the task owns, or that the waiter has just woken up via a signal
446 or timeout and has left the PI chain. In either case, the loop is exited, since
447 we don't need to do any more changes to the priority of the current task, or any
451 The next check sees if the task's waiter plist node has the priority equal to
452 the priority the task is set at. If they are equal, then we are done with
453 the loop. Remember that the function started with the priority of the
454 task adjusted, but the plist nodes that hold the task in other processes
457 Next, we look at the mutex that the task is blocked on. The mutex's wait_lock
458 is taken. This is done by a spin_trylock, because the locking order of the
459 pi_lock and wait_lock goes in the opposite direction. If we fail to grab the
460 lock, the pi_lock is released, and we restart the loop.
462 Now that we have both the pi_lock of the task as well as the wait_lock of
463 the mutex the task is blocked on, we update the task's waiter's plist node
464 that is located on the mutex's wait_list.
466 Now we release the pi_lock of the task.
468 Next the owner of the mutex has its pi_lock taken, so we can update the
469 task's entry in the owner's pi_list. If the task is the highest priority
470 process on the mutex's wait_list, then we remove the previous top waiter
471 from the owner's pi_list, and replace it with the task.
473 Note: It is possible that the task was the current top waiter on the mutex,
474 in which case the task is not yet on the pi_list of the waiter. This
475 is OK, since plist_del does nothing if the plist node is not on any
478 If the task was not the top waiter of the mutex, but it was before we
479 did the priority updates, that means we are deboosting/lowering the
480 task. In this case, the task is removed from the pi_list of the owner,
481 and the new top waiter is added.
483 Lastly, we unlock both the pi_lock of the task, as well as the mutex's
484 wait_lock, and continue the loop again. On the next iteration of the
485 loop, the previous owner of the mutex will be the task that will be
488 Note: One might think that the owner of this mutex might have changed
489 since we just grab the mutex's wait_lock. And one could be right.
490 The important thing to remember is that the owner could not have
491 become the task that is being processed in the PI chain, since
492 we have taken that task's pi_lock at the beginning of the loop.
493 So as long as there is an owner of this mutex that is not the same
494 process as the tasked being worked on, we are OK.
496 Looking closely at the code, one might be confused. The check for the
497 end of the PI chain is when the task isn't blocked on anything or the
499 protected only by the task's pi_lock. But the code to unlock the mutex
500 sets the task's waiter structure "task" element to NULL with only
501 the protection of the mutex's wait_lock, which was not taken yet.
502 Isn't this a race condition if the task becomes the new owner?
504 The answer is No! The trick is the spin_trylock of the mutex's
505 wait_lock. If we fail that lock, we release the pi_lock of the
506 task and continue the loop, doing the end of PI chain check again.
508 In the code to release the lock, the wait_lock of the mutex is held
509 the entire time, and it is not let go when we grab the pi_lock of the
510 new owner of the mutex. So if the switch of a new owner were to happen
511 after the check for end of the PI chain and the grabbing of the
512 wait_lock, the unlocking code would spin on the new owner's pi_lock
513 but never give up the wait_lock. So the PI chain loop is guaranteed to
514 fail the spin_trylock on the wait_lock, release the pi_lock, and
517 If you don't quite understand the above, that's OK. You don't have to,
524 One of the flags in the owner field of the mutex structure is "Pending Owner".
525 What this means is that an owner was chosen by the process releasing the
526 mutex, but that owner has yet to wake up and actually take the mutex.
528 Why is this important? Why can't we just give the mutex to another process
531 The PI code is to help with real-time processes, and to let the highest
534 blocked on, when the mutex is released it would be given to the lower priority
535 process. What if the higher priority process wants to take that mutex again.
537 and it would need to boost the lower priority process to run with full
538 latency of that critical section (since the low priority process just entered
542 penalized if it tries to take that mutex again. If the new owner of the
543 mutex has not woken up yet, there's no reason that the higher priority process
548 pending ownership. This means that it's the new owner, unless a higher
550 process does come along and wants that mutex, we let the higher priority
551 process "steal" the mutex from the pending owner (only if it is still pending)
552 and continue with the mutex.
558 OK, now let's take a look at the detailed walk through of what happens when
561 The first thing that is tried is the fast taking of the mutex. This is
562 done when we have CMPXCHG enabled (otherwise the fast taking automatically
563 fails). Only when the owner field of the mutex is NULL can the lock be
564 taken with the CMPXCHG and nothing else needs to be done.
566 If there is contention on the lock, whether it is owned or pending owner
567 we go about the slow path (rt_mutex_slowlock).
569 The slow path function is where the task's waiter structure is created on
570 the stack. This is because the waiter structure is only needed for the
571 scope of this function. The waiter structure holds the nodes to store
572 the task on the wait_list of the mutex, and if need be, the pi_list of
573 the owner.
575 The wait_lock of the mutex is taken since the slow path of unlocking the
578 We then call try_to_take_rt_mutex. This is where the architecture that
579 does not implement CMPXCHG would always grab the lock (if there's no
582 try_to_take_rt_mutex is used every time the task tries to grab a mutex in the
584 the "Has Waiters" flag of the mutex's owner field. Yes, this could really
585 be false, because if the mutex has no owner, there are no waiters and
586 the current task also won't have any waiters. But we don't have the lock
589 now, the owner of the mutex can't release the mutex without going into the
590 slow unlock path, and it would then need to grab the wait_lock, which this
591 code currently holds. So setting the "Has Waiters" flag forces the owner
594 Now that we know that we can't have any races with the owner releasing the
595 mutex, we check to see if we can take the ownership. This is done if the
596 mutex doesn't have a owner, or if we can steal the mutex from a pending
597 owner. Let's look at the situations we have here.
602 The mutex has a owner, but it hasn't woken up and the mutex flag
603 "Pending Owner" is set. The first check is to see if the owner isn't the
604 current task. This is because this function is also used for the pending
605 owner to grab the mutex. When a pending owner wakes up, it checks to see
606 if it can take the mutex, and this is done if the owner is already set to
607 itself. If so, we succeed and leave the function, clearing the "Pending
610 If the pending owner is not current, we check to see if the current priority is
611 higher than the pending owner. If not, we fail the function and return.
615 means that if the mutex doesn't have any waiters, there's no accounting needed
616 to update the pending owner's pi_list, since we only worry about processes
617 blocked on the current mutex.
619 If there are waiters on this mutex, and we just stole the ownership, we need
620 to take the top waiter, remove it from the pi_list of the pending owner, and
621 add it to the current pi_list. Note that at this moment, the pending owner
622 is no longer on the list of waiters. This is fine, since the pending owner
623 would add itself back when it realizes that it had the ownership stolen
624 from itself. When the pending owner tries to grab the mutex, it will fail
625 in try_to_take_rt_mutex if the owner field points to another process.
630 If there is no owner (or we successfully stole the lock), we set the owner
631 of the mutex to current, and set the flag of "Has Waiters" if the current
632 mutex actually has waiters, or we clear the flag if it doesn't. See, it was
640 priority than the current task.
642 We'll continue on the failed case.
644 If the mutex has a timeout, we set up a timer to go off to break us out
647 Now we enter a loop that will continue to try to take ownership of the mutex, or
650 Once again we try to take the mutex. This will usually fail the first time
651 in the loop, since it had just failed to get the mutex. But the second time
652 in the loop, this would likely succeed, since the task would likely be
653 the pending owner.
655 If the mutex is TASK_INTERRUPTIBLE a check for signals and timeout is done
658 The waiter structure has a "task" field that points to the task that is blocked
659 on the mutex. This field can be NULL the first time it goes through the loop
660 or if the task is a pending owner and had its mutex stolen. If the "task"
661 field is NULL then we need to set up the accounting for it.
666 The accounting of a mutex and process is done with the waiter structure of
667 the process. The "task" field is set to the process, and the "lock" field
668 to the mutex. The plist nodes are initialized to the processes current
671 Since the wait_lock was taken at the entry of the slow lock, we can safely
672 add the waiter to the wait_list. If the current process is the highest
673 priority process currently waiting on this mutex, then we remove the
674 previous top waiter process (if it exists) from the pi_list of the owner,
675 and add the current process to that list. Since the pi_list of the owner
676 has changed, we call rt_mutex_adjust_prio on the owner to see if the owner
679 If the owner is also blocked on a lock, and had its pi_list changed
680 (or deadlock checking is on), we unlock the wait_lock of the mutex and go ahead
681 and run rt_mutex_adjust_prio_chain on the owner, as described earlier.
683 Now all locks are released, and if the current process is still blocked on a
686 Waking up in the loop
690 1) we were given pending ownership of the mutex.
694 In any of these cases, we continue the loop and once again try to grab the
695 ownership of the mutex. If we succeed, we exit the loop, otherwise we continue
696 and on signal and timeout, will exit the loop, or if we had the mutex stolen
697 we just simply add ourselves back on the lists and go back to sleep.
699 Note: For various reasons, because of timeout and signals, the steal mutex
700 algorithm needs to be careful. This is because the current process is
701 still on the wait_list. And because of dynamic changing of priorities,
702 especially on SCHED_OTHER tasks, the current process can be the
703 highest priority task on the wait_list.
708 If a timeout or signal occurred, the waiter's "task" field would not be
709 NULL and the task needs to be taken off the wait_list of the mutex and perhaps
710 pi_list of the owner. If this process was a high priority process, then
711 the rt_mutex_adjust_prio_chain needs to be executed again on the owner,
712 but this time it will be lowering the priorities.
715 Unlocking the Mutex
719 CMPXCHG. Since the taking of a mutex on contention always sets the
720 "Has Waiters" flag of the mutex's owner, we use this to know if we need to
721 take the slow path when unlocking the mutex. If the mutex doesn't have any
722 waiters, the owner field of the mutex would equal the current process and
723 the mutex can be unlocked by just replacing the owner field with NULL.
725 If the owner field has the "Has Waiters" bit set (or CMPXCHG is not available),
726 the slow unlock path is taken.
728 The first thing done in the slow unlock path is to take the wait_lock of the
729 mutex. This synchronizes the locking and unlocking of the mutex.
731 A check is made to see if the mutex has waiters or not. On architectures that
732 do not have CMPXCHG, this is the location that the owner of the mutex will
734 do have CMPXCHG, that check is done in the fast path, but it is still needed
735 in the slow path too. If a waiter of a mutex woke up because of a signal
736 or timeout between the time the owner failed the fast path CMPXCHG check and
737 the grabbing of the wait_lock, the mutex may not have any waiters, thus the
738 owner still needs to make this check. If there are no waiters then the mutex
739 owner field is set to NULL, the wait_lock is released and nothing more is
745 On the wake up code, the pi_lock of the current owner is taken. The top
746 waiter of the lock is found and removed from the wait_list of the mutex
747 as well as the pi_list of the current owner. The task field of the new
748 pending owner's waiter structure is set to NULL, and the owner field of the
749 mutex is set to the new owner with the "Pending Owner" bit set, as well
750 as the "Has Waiters" bit if there still are other processes blocked on the
753 The pi_lock of the previous owner is released, and the new pending owner's
754 pi_lock is taken. Remember that this is the trick to prevent the race
756 on the mutex.
758 We now clear the "pi_blocked_on" field of the new pending owner, and if
759 the mutex still has waiters pending, we add the new top waiter to the pi_list
760 of the pending owner.
762 Finally we unlock the pi_lock of the pending owner and wake it up.