[net-next-2.6.git] / Documentation / spinlocks.txt

SPIN_LOCK_UNLOCKED and RW_LOCK_UNLOCKED defeat lockdep state tracking and
are hence deprecated.

Please use DEFINE_SPINLOCK()/DEFINE_RWLOCK() or
__SPIN_LOCK_UNLOCKED()/__RW_LOCK_UNLOCKED() as appropriate for static
initialization.

Dynamic initialization, when necessary, may be performed as
demonstrated below.

   spinlock_t xxx_lock;
   rwlock_t xxx_rw_lock;

   static int __init xxx_init(void)
   {
   	spin_lock_init(&xxx_lock);
	rwlock_init(&xxx_rw_lock);
	...
   }

   module_init(xxx_init);

The following discussion is still valid, however, with the dynamic
initialization of spinlocks or with DEFINE_SPINLOCK, etc., used
instead of SPIN_LOCK_UNLOCKED.

-----------------------

On Fri, 2 Jan 1998, Doug Ledford wrote:
> 
> I'm working on making the aic7xxx driver more SMP friendly (as well as
> importing the latest FreeBSD sequencer code to have 7895 support) and wanted
> to get some info from you.  The goal here is to make the various routines
> SMP safe as well as UP safe during interrupts and other manipulating
> routines.  So far, I've added a spin_lock variable to things like my queue
> structs.  Now, from what I recall, there are some spin lock functions I can
> use to lock these spin locks from other use as opposed to a (nasty)
> save_flags(); cli(); stuff; restore_flags(); construct.  Where do I find
> these routines and go about making use of them?  Do they only lock on a
> per-processor basis or can they also lock say an interrupt routine from
> mucking with a queue if the queue routine was manipulating it when the
> interrupt occurred, or should I still use a cli(); based construct on that
> one?

See <asm/spinlock.h>. The basic version is:

   spinlock_t xxx_lock = SPIN_LOCK_UNLOCKED;


	unsigned long flags;

	spin_lock_irqsave(&xxx_lock, flags);
	... critical section here ..
	spin_unlock_irqrestore(&xxx_lock, flags);

and the above is always safe. It will disable interrupts _locally_, but the
spinlock itself will guarantee the global lock, so it will guarantee that
there is only one thread-of-control within the region(s) protected by that
lock. 

Note that it works well even under UP - the above sequence under UP
essentially is just the same as doing a

	unsigned long flags;

	save_flags(flags); cli();
	 ... critical section ...
	restore_flags(flags);

so the code does _not_ need to worry about UP vs SMP issues: the spinlocks
work correctly under both (and spinlocks are actually more efficient on
architectures that allow doing the "save_flags + cli" in one go because I
don't export that interface normally).

NOTE NOTE NOTE! The reason the spinlock is so much faster than a global
interrupt lock under SMP is exactly because it disables interrupts only on
the local CPU. The spin-lock is safe only when you _also_ use the lock
itself to do locking across CPU's, which implies that EVERYTHING that
touches a shared variable has to agree about the spinlock they want to
use.

The above is usually pretty simple (you usually need and want only one
spinlock for most things - using more than one spinlock can make things a
lot more complex and even slower and is usually worth it only for
sequences that you _know_ need to be split up: avoid it at all cost if you
aren't sure). HOWEVER, it _does_ mean that if you have some code that does

	cli();
	.. critical section ..
	sti();

and another sequence that does

	spin_lock_irqsave(flags);
	.. critical section ..
	spin_unlock_irqrestore(flags);

then they are NOT mutually exclusive, and the critical regions can happen
at the same time on two different CPU's. That's fine per se, but the
critical regions had better be critical for different things (ie they
can't stomp on each other). 

The above is a problem mainly if you end up mixing code - for example the
routines in ll_rw_block() tend to use cli/sti to protect the atomicity of
their actions, and if a driver uses spinlocks instead then you should
think about issues like the above..

This is really the only really hard part about spinlocks: once you start
using spinlocks they tend to expand to areas you might not have noticed
before, because you have to make sure the spinlocks correctly protect the
shared data structures _everywhere_ they are used. The spinlocks are most
easily added to places that are completely independent of other code (ie
internal driver data structures that nobody else ever touches, for
example). 

----

Lesson 2: reader-writer spinlocks.

If your data accesses have a very natural pattern where you usually tend
to mostly read from the shared variables, the reader-writer locks
(rw_lock) versions of the spinlocks are often nicer. They allow multiple
readers to be in the same critical region at once, but if somebody wants
to change the variables it has to get an exclusive write lock. The
routines look the same as above:

   rwlock_t xxx_lock = RW_LOCK_UNLOCKED;


	unsigned long flags;

	read_lock_irqsave(&xxx_lock, flags);
	.. critical section that only reads the info ...
	read_unlock_irqrestore(&xxx_lock, flags);

	write_lock_irqsave(&xxx_lock, flags);
	.. read and write exclusive access to the info ...
	write_unlock_irqrestore(&xxx_lock, flags);

The above kind of lock is useful for complex data structures like linked
lists etc, especially when you know that most of the work is to just
traverse the list searching for entries without changing the list itself,
for example. Then you can use the read lock for that kind of list
traversal, which allows many concurrent readers. Anything that _changes_
the list will have to get the write lock. 

Note: you cannot "upgrade" a read-lock to a write-lock, so if you at _any_
time need to do any changes (even if you don't do it every time), you have
to get the write-lock at the very beginning. I could fairly easily add a
primitive to create a "upgradeable" read-lock, but it hasn't been an issue
yet. Tell me if you'd want one. 

----

Lesson 3: spinlocks revisited.

The single spin-lock primitives above are by no means the only ones. They
are the most safe ones, and the ones that work under all circumstances,
but partly _because_ they are safe they are also fairly slow. They are
much faster than a generic global cli/sti pair, but slower than they'd
need to be, because they do have to disable interrupts (which is just a
single instruction on a x86, but it's an expensive one - and on other
architectures it can be worse).

If you have a case where you have to protect a data structure across
several CPU's and you want to use spinlocks you can potentially use
cheaper versions of the spinlocks. IFF you know that the spinlocks are
never used in interrupt handlers, you can use the non-irq versions:

	spin_lock(&lock);
	...
	spin_unlock(&lock);

(and the equivalent read-write versions too, of course). The spinlock will
guarantee the same kind of exclusive access, and it will be much faster. 
This is useful if you know that the data in question is only ever
manipulated from a "process context", ie no interrupts involved. 

The reasons you mustn't use these versions if you have interrupts that
play with the spinlock is that you can get deadlocks:

	spin_lock(&lock);
	...
		<- interrupt comes in:
			spin_lock(&lock);

where an interrupt tries to lock an already locked variable. This is ok if
the other interrupt happens on another CPU, but it is _not_ ok if the
interrupt happens on the same CPU that already holds the lock, because the
lock will obviously never be released (because the interrupt is waiting
for the lock, and the lock-holder is interrupted by the interrupt and will
not continue until the interrupt has been processed). 

(This is also the reason why the irq-versions of the spinlocks only need
to disable the _local_ interrupts - it's ok to use spinlocks in interrupts
on other CPU's, because an interrupt on another CPU doesn't interrupt the
CPU that holds the lock, so the lock-holder can continue and eventually
releases the lock). 

Note that you can be clever with read-write locks and interrupts. For
example, if you know that the interrupt only ever gets a read-lock, then
you can use a non-irq version of read locks everywhere - because they
don't block on each other (and thus there is no dead-lock wrt interrupts. 
But when you do the write-lock, you have to use the irq-safe version. 

For an example of being clever with rw-locks, see the "waitqueue_lock" 
handling in kernel/sched.c - nothing ever _changes_ a wait-queue from
within an interrupt, they only read the queue in order to know whom to
wake up. So read-locks are safe (which is good: they are very common
indeed), while write-locks need to protect themselves against interrupts.

		Linus
Commit	Line	Data
017f021c EC	1	SPIN_LOCK_UNLOCKED and RW_LOCK_UNLOCKED defeat lockdep state tracking and
017f021c EC	2	are hence deprecated.
1da177e4	3
017f021c EC	4	Please use DEFINE_SPINLOCK()/DEFINE_RWLOCK() or
	5	__SPIN_LOCK_UNLOCKED()/__RW_LOCK_UNLOCKED() as appropriate for static
	6	initialization.
	7
	8	Dynamic initialization, when necessary, may be performed as
	9	demonstrated below.
1da177e4 LT	10
	11	spinlock_t xxx_lock;
	12	rwlock_t xxx_rw_lock;
	13
	14	static int __init xxx_init(void)
	15	{
	16	spin_lock_init(&xxx_lock);
7ad4a5d5	17	rwlock_init(&xxx_rw_lock);
1da177e4 LT	18	...
	19	}
	20
	21	module_init(xxx_init);
	22
017f021c EC	23	The following discussion is still valid, however, with the dynamic
	24	initialization of spinlocks or with DEFINE_SPINLOCK, etc., used
	25	instead of SPIN_LOCK_UNLOCKED.
1da177e4 LT	26
	27	-----------------------
	28
	29	On Fri, 2 Jan 1998, Doug Ledford wrote:
	30	>
	31	> I'm working on making the aic7xxx driver more SMP friendly (as well as
	32	> importing the latest FreeBSD sequencer code to have 7895 support) and wanted
	33	> to get some info from you. The goal here is to make the various routines
	34	> SMP safe as well as UP safe during interrupts and other manipulating
	35	> routines. So far, I've added a spin_lock variable to things like my queue
	36	> structs. Now, from what I recall, there are some spin lock functions I can
	37	> use to lock these spin locks from other use as opposed to a (nasty)
	38	> save_flags(); cli(); stuff; restore_flags(); construct. Where do I find
	39	> these routines and go about making use of them? Do they only lock on a
	40	> per-processor basis or can they also lock say an interrupt routine from
	41	> mucking with a queue if the queue routine was manipulating it when the
	42	> interrupt occurred, or should I still use a cli(); based construct on that
	43	> one?
	44
	45	See <asm/spinlock.h>. The basic version is:
	46
	47	spinlock_t xxx_lock = SPIN_LOCK_UNLOCKED;
	48
	49
	50	unsigned long flags;
	51
	52	spin_lock_irqsave(&xxx_lock, flags);
	53	... critical section here ..
	54	spin_unlock_irqrestore(&xxx_lock, flags);
	55
	56	and the above is always safe. It will disable interrupts _locally_, but the
	57	spinlock itself will guarantee the global lock, so it will guarantee that
	58	there is only one thread-of-control within the region(s) protected by that
	59	lock.
	60
	61	Note that it works well even under UP - the above sequence under UP
	62	essentially is just the same as doing a
	63
	64	unsigned long flags;
	65
	66	save_flags(flags); cli();
	67	... critical section ...
	68	restore_flags(flags);
	69
	70	so the code does _not_ need to worry about UP vs SMP issues: the spinlocks
	71	work correctly under both (and spinlocks are actually more efficient on
	72	architectures that allow doing the "save_flags + cli" in one go because I
	73	don't export that interface normally).
	74
	75	NOTE NOTE NOTE! The reason the spinlock is so much faster than a global
	76	interrupt lock under SMP is exactly because it disables interrupts only on
	77	the local CPU. The spin-lock is safe only when you _also_ use the lock
	78	itself to do locking across CPU's, which implies that EVERYTHING that
	79	touches a shared variable has to agree about the spinlock they want to
	80	use.
	81
	82	The above is usually pretty simple (you usually need and want only one
	83	spinlock for most things - using more than one spinlock can make things a
	84	lot more complex and even slower and is usually worth it only for
	85	sequences that you _know_ need to be split up: avoid it at all cost if you
	86	aren't sure). HOWEVER, it _does_ mean that if you have some code that does
	87
	88	cli();
	89	.. critical section ..
90	sti();
91
92	and another sequence that does
93
94	spin_lock_irqsave(flags);
95	.. critical section ..
96	spin_unlock_irqrestore(flags);
97
98	then they are NOT mutually exclusive, and the critical regions can happen
99	at the same time on two different CPU's. That's fine per se, but the
100	critical regions had better be critical for different things (ie they
101	can't stomp on each other).
102
103	The above is a problem mainly if you end up mixing code - for example the
104	routines in ll_rw_block() tend to use cli/sti to protect the atomicity of
105	their actions, and if a driver uses spinlocks instead then you should
106	think about issues like the above..
107
108	This is really the only really hard part about spinlocks: once you start
109	using spinlocks they tend to expand to areas you might not have noticed
110	before, because you have to make sure the spinlocks correctly protect the
111	shared data structures _everywhere_ they are used. The spinlocks are most
112	easily added to places that are completely independent of other code (ie
113	internal driver data structures that nobody else ever touches, for
114	example).
115
116	----
117
118	Lesson 2: reader-writer spinlocks.
119
120	If your data accesses have a very natural pattern where you usually tend
121	to mostly read from the shared variables, the reader-writer locks
122	(rw_lock) versions of the spinlocks are often nicer. They allow multiple
123	readers to be in the same critical region at once, but if somebody wants
124	to change the variables it has to get an exclusive write lock. The
125	routines look the same as above:
126
127	rwlock_t xxx_lock = RW_LOCK_UNLOCKED;
128
129
130	unsigned long flags;
131
132	read_lock_irqsave(&xxx_lock, flags);
133	.. critical section that only reads the info ...
134	read_unlock_irqrestore(&xxx_lock, flags);
135
136	write_lock_irqsave(&xxx_lock, flags);
137	.. read and write exclusive access to the info ...
138	write_unlock_irqrestore(&xxx_lock, flags);
139
140	The above kind of lock is useful for complex data structures like linked
141	lists etc, especially when you know that most of the work is to just
142	traverse the list searching for entries without changing the list itself,
143	for example. Then you can use the read lock for that kind of list
144	traversal, which allows many concurrent readers. Anything that _changes_
145	the list will have to get the write lock.
146
147	Note: you cannot "upgrade" a read-lock to a write-lock, so if you at _any_
148	time need to do any changes (even if you don't do it every time), you have
149	to get the write-lock at the very beginning. I could fairly easily add a
150	primitive to create a "upgradeable" read-lock, but it hasn't been an issue
151	yet. Tell me if you'd want one.
152
153	----
154
155	Lesson 3: spinlocks revisited.
156
157	The single spin-lock primitives above are by no means the only ones. They
158	are the most safe ones, and the ones that work under all circumstances,
159	but partly _because_ they are safe they are also fairly slow. They are
160	much faster than a generic global cli/sti pair, but slower than they'd
161	need to be, because they do have to disable interrupts (which is just a
162	single instruction on a x86, but it's an expensive one - and on other
163	architectures it can be worse).
164
165	If you have a case where you have to protect a data structure across
166	several CPU's and you want to use spinlocks you can potentially use
167	cheaper versions of the spinlocks. IFF you know that the spinlocks are
168	never used in interrupt handlers, you can use the non-irq versions:
169
170	spin_lock(&lock);
171	...
172	spin_unlock(&lock);
173
174	(and the equivalent read-write versions too, of course). The spinlock will
175	guarantee the same kind of exclusive access, and it will be much faster.
176	This is useful if you know that the data in question is only ever
177	manipulated from a "process context", ie no interrupts involved.
178
179	The reasons you mustn't use these versions if you have interrupts that
180	play with the spinlock is that you can get deadlocks:
181
182	spin_lock(&lock);
183	...
184	<- interrupt comes in:
185	spin_lock(&lock);
186
187	where an interrupt tries to lock an already locked variable. This is ok if
188	the other interrupt happens on another CPU, but it is _not_ ok if the
189	interrupt happens on the same CPU that already holds the lock, because the
190	lock will obviously never be released (because the interrupt is waiting
191	for the lock, and the lock-holder is interrupted by the interrupt and will
192	not continue until the interrupt has been processed).
193
194	(This is also the reason why the irq-versions of the spinlocks only need
195	to disable the _local_ interrupts - it's ok to use spinlocks in interrupts
196	on other CPU's, because an interrupt on another CPU doesn't interrupt the
197	CPU that holds the lock, so the lock-holder can continue and eventually
198	releases the lock).
199
200	Note that you can be clever with read-write locks and interrupts. For
201	example, if you know that the interrupt only ever gets a read-lock, then
202	you can use a non-irq version of read locks everywhere - because they
203	don't block on each other (and thus there is no dead-lock wrt interrupts.
204	But when you do the write-lock, you have to use the irq-safe version.
205
206	For an example of being clever with rw-locks, see the "waitqueue_lock"
207	handling in kernel/sched.c - nothing ever _changes_ a wait-queue from
208	within an interrupt, they only read the queue in order to know whom to
209	wake up. So read-locks are safe (which is good: they are very common
210	indeed), while write-locks need to protect themselves against interrupts.
211
212	Linus
213
214