include/linux/percpu-refcount.h

   1 /*
   2  * Percpu refcounts:
   3  * (C) 2012 Google, Inc.
   4  * Author: Kent Overstreet <koverstreet@google.com>
   5  *
   6  * This implements a refcount with similar semantics to atomic_t - atomic_inc(),
   7  * atomic_dec_and_test() - but percpu.
   8  *
   9  * There's one important difference between percpu refs and normal atomic_t
  10  * refcounts; you have to keep track of your initial refcount, and then when you
  11  * start shutting down you call percpu_ref_kill() _before_ dropping the initial
  12  * refcount.
  13  *
  14  * The refcount will have a range of 0 to ((1U << 31) - 1), i.e. one bit less
  15  * than an atomic_t - this is because of the way shutdown works, see
  16  * percpu_ref_kill()/PERCPU_COUNT_BIAS.
  17  *
  18  * Before you call percpu_ref_kill(), percpu_ref_put() does not check for the
  19  * refcount hitting 0 - it can't, if it was in percpu mode. percpu_ref_kill()
  20  * puts the ref back in single atomic_t mode, collecting the per cpu refs and
  21  * issuing the appropriate barriers, and then marks the ref as shutting down so
  22  * that percpu_ref_put() will check for the ref hitting 0.  After it returns,
  23  * it's safe to drop the initial ref.
  24  *
  25  * USAGE:
  26  *
  27  * See fs/aio.c for some example usage; it's used there for struct kioctx, which
  28  * is created when userspaces calls io_setup(), and destroyed when userspace
  29  * calls io_destroy() or the process exits.
  30  *
  31  * In the aio code, kill_ioctx() is called when we wish to destroy a kioctx; it
  32  * calls percpu_ref_kill(), then hlist_del_rcu() and synchronize_rcu() to remove
  33  * the kioctx from the proccess's list of kioctxs - after that, there can't be
  34  * any new users of the kioctx (from lookup_ioctx()) and it's then safe to drop
  35  * the initial ref with percpu_ref_put().
  36  *
  37  * Code that does a two stage shutdown like this often needs some kind of
  38  * explicit synchronization to ensure the initial refcount can only be dropped
  39  * once - percpu_ref_kill() does this for you, it returns true once and false if
  40  * someone else already called it. The aio code uses it this way, but it's not
  41  * necessary if the code has some other mechanism to synchronize teardown.
  42  * around.
  43  */
  44
  45 #ifndef _LINUX_PERCPU_REFCOUNT_H
  46 #define _LINUX_PERCPU_REFCOUNT_H
  47
  48 #include <linux/atomic.h>
  49 #include <linux/kernel.h>
  50 #include <linux/percpu.h>
  51 #include <linux/rcupdate.h>
  52 #include <linux/gfp.h>
  53
  54 struct percpu_ref;
  55 typedef void (percpu_ref_func_t)(struct percpu_ref *);
  56
  57 /* flags set in the lower bits of percpu_ref->percpu_count_ptr */
  58 enum {
  59         __PERCPU_REF_ATOMIC     = 1LU << 0,     /* operating in atomic mode */
  60         __PERCPU_REF_DEAD       = 1LU << 1,     /* (being) killed */
  61         __PERCPU_REF_ATOMIC_DEAD = __PERCPU_REF_ATOMIC | __PERCPU_REF_DEAD,
  62
  63         __PERCPU_REF_FLAG_BITS  = 2,
  64 };
  65
  66 /* @flags for percpu_ref_init() */
  67 enum {
  68         /*
  69          * Start w/ ref == 1 in atomic mode.  Can be switched to percpu
  70          * operation using percpu_ref_switch_to_percpu().  If initialized
  71          * with this flag, the ref will stay in atomic mode until
  72          * percpu_ref_switch_to_percpu() is invoked on it.
  73          */
  74         PERCPU_REF_INIT_ATOMIC  = 1 << 0,
  75
  76         /*
  77          * Start dead w/ ref == 0 in atomic mode.  Must be revived with
  78          * percpu_ref_reinit() before used.  Implies INIT_ATOMIC.
  79          */
  80         PERCPU_REF_INIT_DEAD    = 1 << 1,
  81 };
  82
  83 struct percpu_ref {
  84         atomic_long_t           count;
  85         /*
  86          * The low bit of the pointer indicates whether the ref is in percpu
  87          * mode; if set, then get/put will manipulate the atomic_t.
  88          */
  89         unsigned long           percpu_count_ptr;
  90         percpu_ref_func_t       *release;
  91         percpu_ref_func_t       *confirm_switch;
  92         bool                    force_atomic:1;
  93         struct rcu_head         rcu;
  94 };
  95
  96 int __must_check percpu_ref_init(struct percpu_ref *ref,
  97                                  percpu_ref_func_t *release, unsigned int flags,
  98                                  gfp_t gfp);
  99 void percpu_ref_exit(struct percpu_ref *ref);
 100 void percpu_ref_switch_to_atomic(struct percpu_ref *ref,
 101                                  percpu_ref_func_t *confirm_switch);
 102 void percpu_ref_switch_to_atomic_sync(struct percpu_ref *ref);
 103 void percpu_ref_switch_to_percpu(struct percpu_ref *ref);
 104 void percpu_ref_kill_and_confirm(struct percpu_ref *ref,
 105                                  percpu_ref_func_t *confirm_kill);
 106 void percpu_ref_reinit(struct percpu_ref *ref);
 107
 108 /**
 109  * percpu_ref_kill - drop the initial ref
 110  * @ref: percpu_ref to kill
 111  *
 112  * Must be used to drop the initial ref on a percpu refcount; must be called
 113  * precisely once before shutdown.
 114  *
 115  * Puts @ref in non percpu mode, then does a call_rcu() before gathering up the
 116  * percpu counters and dropping the initial ref.
 117  */
 118 static inline void percpu_ref_kill(struct percpu_ref *ref)
 119 {
 120         percpu_ref_kill_and_confirm(ref, NULL);
 121 }
 122
 123 /*
 124  * Internal helper.  Don't use outside percpu-refcount proper.  The
 125  * function doesn't return the pointer and let the caller test it for NULL
 126  * because doing so forces the compiler to generate two conditional
 127  * branches as it can't assume that @ref->percpu_count is not NULL.
 128  */
 129 static inline bool __ref_is_percpu(struct percpu_ref *ref,
 130                                           unsigned long __percpu **percpu_countp)
 131 {
 132         unsigned long percpu_ptr;
 133
 134         /*
 135          * The value of @ref->percpu_count_ptr is tested for
 136          * !__PERCPU_REF_ATOMIC, which may be set asynchronously, and then
 137          * used as a pointer.  If the compiler generates a separate fetch
 138          * when using it as a pointer, __PERCPU_REF_ATOMIC may be set in
 139          * between contaminating the pointer value, meaning that
 140          * READ_ONCE() is required when fetching it.
 141          */
 142         percpu_ptr = READ_ONCE(ref->percpu_count_ptr);
 143
 144         /* paired with smp_store_release() in __percpu_ref_switch_to_percpu() */
 145         smp_read_barrier_depends();
 146
 147         /*
 148          * Theoretically, the following could test just ATOMIC; however,
 149          * then we'd have to mask off DEAD separately as DEAD may be
 150          * visible without ATOMIC if we race with percpu_ref_kill().  DEAD
 151          * implies ATOMIC anyway.  Test them together.
 152          */
 153         if (unlikely(percpu_ptr & __PERCPU_REF_ATOMIC_DEAD))
 154                 return false;
 155
 156         *percpu_countp = (unsigned long __percpu *)percpu_ptr;
 157         return true;
 158 }
 159
 160 /**
 161  * percpu_ref_get_many - increment a percpu refcount
 162  * @ref: percpu_ref to get
 163  * @nr: number of references to get
 164  *
 165  * Analogous to atomic_long_add().
 166  *
 167  * This function is safe to call as long as @ref is between init and exit.
 168  */
 169 static inline void percpu_ref_get_many(struct percpu_ref *ref, unsigned long nr)
 170 {
 171         unsigned long __percpu *percpu_count;
 172
 173         rcu_read_lock_sched();
 174
 175         if (__ref_is_percpu(ref, &percpu_count))
 176                 this_cpu_add(*percpu_count, nr);
 177         else
 178                 atomic_long_add(nr, &ref->count);
 179
 180         rcu_read_unlock_sched();
 181 }
 182
 183 /**
 184  * percpu_ref_get - increment a percpu refcount
 185  * @ref: percpu_ref to get
 186  *
 187  * Analagous to atomic_long_inc().
 188  *
 189  * This function is safe to call as long as @ref is between init and exit.
 190  */
 191 static inline void percpu_ref_get(struct percpu_ref *ref)
 192 {
 193         percpu_ref_get_many(ref, 1);
 194 }
 195
 196 /**
 197  * percpu_ref_tryget - try to increment a percpu refcount
 198  * @ref: percpu_ref to try-get
 199  *
 200  * Increment a percpu refcount unless its count already reached zero.
 201  * Returns %true on success; %false on failure.
 202  *
 203  * This function is safe to call as long as @ref is between init and exit.
 204  */
 205 static inline bool percpu_ref_tryget(struct percpu_ref *ref)
 206 {
 207         unsigned long __percpu *percpu_count;
 208         bool ret;
 209
 210         rcu_read_lock_sched();
 211
 212         if (__ref_is_percpu(ref, &percpu_count)) {
 213                 this_cpu_inc(*percpu_count);
 214                 ret = true;
 215         } else {
 216                 ret = atomic_long_inc_not_zero(&ref->count);
 217         }
 218
 219         rcu_read_unlock_sched();
 220
 221         return ret;
 222 }
 223
 224 /**
 225  * percpu_ref_tryget_live - try to increment a live percpu refcount
 226  * @ref: percpu_ref to try-get
 227  *
 228  * Increment a percpu refcount unless it has already been killed.  Returns
 229  * %true on success; %false on failure.
 230  *
 231  * Completion of percpu_ref_kill() in itself doesn't guarantee that this
 232  * function will fail.  For such guarantee, percpu_ref_kill_and_confirm()
 233  * should be used.  After the confirm_kill callback is invoked, it's
 234  * guaranteed that no new reference will be given out by
 235  * percpu_ref_tryget_live().
 236  *
 237  * This function is safe to call as long as @ref is between init and exit.
 238  */
 239 static inline bool percpu_ref_tryget_live(struct percpu_ref *ref)
 240 {
 241         unsigned long __percpu *percpu_count;
 242         bool ret = false;
 243
 244         rcu_read_lock_sched();
 245
 246         if (__ref_is_percpu(ref, &percpu_count)) {
 247                 this_cpu_inc(*percpu_count);
 248                 ret = true;
 249         } else if (!(ref->percpu_count_ptr & __PERCPU_REF_DEAD)) {
 250                 ret = atomic_long_inc_not_zero(&ref->count);
 251         }
 252
 253         rcu_read_unlock_sched();
 254
 255         return ret;
 256 }
 257
 258 /**
 259  * percpu_ref_put_many - decrement a percpu refcount
 260  * @ref: percpu_ref to put
 261  * @nr: number of references to put
 262  *
 263  * Decrement the refcount, and if 0, call the release function (which was passed
 264  * to percpu_ref_init())
 265  *
 266  * This function is safe to call as long as @ref is between init and exit.
 267  */
 268 static inline void percpu_ref_put_many(struct percpu_ref *ref, unsigned long nr)
 269 {
 270         unsigned long __percpu *percpu_count;
 271
 272         rcu_read_lock_sched();
 273
 274         if (__ref_is_percpu(ref, &percpu_count))
 275                 this_cpu_sub(*percpu_count, nr);
 276         else if (unlikely(atomic_long_sub_and_test(nr, &ref->count)))
 277                 ref->release(ref);
 278
 279         rcu_read_unlock_sched();
 280 }
 281
 282 /**
 283  * percpu_ref_put - decrement a percpu refcount
 284  * @ref: percpu_ref to put
 285  *
 286  * Decrement the refcount, and if 0, call the release function (which was passed
 287  * to percpu_ref_init())
 288  *
 289  * This function is safe to call as long as @ref is between init and exit.
 290  */
 291 static inline void percpu_ref_put(struct percpu_ref *ref)
 292 {
 293         percpu_ref_put_many(ref, 1);
 294 }
 295
 296 /**
 297  * percpu_ref_is_dying - test whether a percpu refcount is dying or dead
 298  * @ref: percpu_ref to test
 299  *
 300  * Returns %true if @ref is dying or dead.
 301  *
 302  * This function is safe to call as long as @ref is between init and exit
 303  * and the caller is responsible for synchronizing against state changes.
 304  */
 305 static inline bool percpu_ref_is_dying(struct percpu_ref *ref)
 306 {
 307         return ref->percpu_count_ptr & __PERCPU_REF_DEAD;
 308 }
 309
 310 /**
 311  * percpu_ref_is_zero - test whether a percpu refcount reached zero
 312  * @ref: percpu_ref to test
 313  *
 314  * Returns %true if @ref reached zero.
 315  *
 316  * This function is safe to call as long as @ref is between init and exit.
 317  */
 318 static inline bool percpu_ref_is_zero(struct percpu_ref *ref)
 319 {
 320         unsigned long __percpu *percpu_count;
 321
 322         if (__ref_is_percpu(ref, &percpu_count))
 323                 return false;
 324         return !atomic_long_read(&ref->count);
 325 }
 326
 327 #endif