1 /* SPDX-License-Identifier: GPL-2.0 */
2 /*
3  * Percpu refcounts:
4  * (C) 2012 Google, Inc.
5  * Author: Kent Overstreet <koverstreet@google.com>
6  *
7  * This implements a refcount with similar semantics to atomic_t - atomic_inc(),
8  * atomic_dec_and_test() - but percpu.
9  *
10  * There's one important difference between percpu refs and normal atomic_t
11  * refcounts; you have to keep track of your initial refcount, and then when you
12  * start shutting down you call percpu_ref_kill() _before_ dropping the initial
13  * refcount.
14  *
15  * The refcount will have a range of 0 to ((1U << 31) - 1), i.e. one bit less
16  * than an atomic_t - this is because of the way shutdown works, see
17  * percpu_ref_kill()/PERCPU_COUNT_BIAS.
18  *
19  * Before you call percpu_ref_kill(), percpu_ref_put() does not check for the
20  * refcount hitting 0 - it can't, if it was in percpu mode. percpu_ref_kill()
21  * puts the ref back in single atomic_t mode, collecting the per cpu refs and
22  * issuing the appropriate barriers, and then marks the ref as shutting down so
23  * that percpu_ref_put() will check for the ref hitting 0.  After it returns,
24  * it's safe to drop the initial ref.
25  *
26  * USAGE:
27  *
28  * See fs/aio.c for some example usage; it's used there for struct kioctx, which
29  * is created when userspaces calls io_setup(), and destroyed when userspace
30  * calls io_destroy() or the process exits.
31  *
32  * In the aio code, kill_ioctx() is called when we wish to destroy a kioctx; it
33  * calls percpu_ref_kill(), then hlist_del_rcu() and synchronize_rcu() to remove
34  * the kioctx from the proccess's list of kioctxs - after that, there can't be
35  * any new users of the kioctx (from lookup_ioctx()) and it's then safe to drop
36  * the initial ref with percpu_ref_put().
37  *
38  * Code that does a two stage shutdown like this often needs some kind of
39  * explicit synchronization to ensure the initial refcount can only be dropped
40  * once - percpu_ref_kill() does this for you, it returns true once and false if
41  * someone else already called it. The aio code uses it this way, but it's not
42  * necessary if the code has some other mechanism to synchronize teardown.
43  * around.
44  */
45 
46 #ifndef _LINUX_PERCPU_REFCOUNT_H
47 #define _LINUX_PERCPU_REFCOUNT_H
48 
49 #include <linux/atomic.h>
50 #include <linux/kernel.h>
51 #include <linux/percpu.h>
52 #include <linux/rcupdate.h>
53 #include <linux/gfp.h>
54 
55 struct percpu_ref;
56 typedef void (percpu_ref_func_t)(struct percpu_ref *);
57 
58 /* flags set in the lower bits of percpu_ref->percpu_count_ptr */
59 enum {
60 	__PERCPU_REF_ATOMIC	= 1LU << 0,	/* operating in atomic mode */
61 	__PERCPU_REF_DEAD	= 1LU << 1,	/* (being) killed */
62 	__PERCPU_REF_ATOMIC_DEAD = __PERCPU_REF_ATOMIC | __PERCPU_REF_DEAD,
63 
64 	__PERCPU_REF_FLAG_BITS	= 2,
65 };
66 
67 /* @flags for percpu_ref_init() */
68 enum {
69 	/*
70 	 * Start w/ ref == 1 in atomic mode.  Can be switched to percpu
71 	 * operation using percpu_ref_switch_to_percpu().  If initialized
72 	 * with this flag, the ref will stay in atomic mode until
73 	 * percpu_ref_switch_to_percpu() is invoked on it.
74 	 */
75 	PERCPU_REF_INIT_ATOMIC	= 1 << 0,
76 
77 	/*
78 	 * Start dead w/ ref == 0 in atomic mode.  Must be revived with
79 	 * percpu_ref_reinit() before used.  Implies INIT_ATOMIC.
80 	 */
81 	PERCPU_REF_INIT_DEAD	= 1 << 1,
82 };
83 
84 struct percpu_ref {
85 	atomic_long_t		count;
86 	/*
87 	 * The low bit of the pointer indicates whether the ref is in percpu
88 	 * mode; if set, then get/put will manipulate the atomic_t.
89 	 */
90 	unsigned long		percpu_count_ptr;
91 	percpu_ref_func_t	*release;
92 	percpu_ref_func_t	*confirm_switch;
93 	bool			force_atomic:1;
94 	struct rcu_head		rcu;
95 };
96 
97 int __must_check percpu_ref_init(struct percpu_ref *ref,
98 				 percpu_ref_func_t *release, unsigned int flags,
99 				 gfp_t gfp);
100 void percpu_ref_exit(struct percpu_ref *ref);
101 void percpu_ref_switch_to_atomic(struct percpu_ref *ref,
102 				 percpu_ref_func_t *confirm_switch);
103 void percpu_ref_switch_to_atomic_sync(struct percpu_ref *ref);
104 void percpu_ref_switch_to_percpu(struct percpu_ref *ref);
105 void percpu_ref_kill_and_confirm(struct percpu_ref *ref,
106 				 percpu_ref_func_t *confirm_kill);
107 void percpu_ref_reinit(struct percpu_ref *ref);
108 
109 /**
110  * percpu_ref_kill - drop the initial ref
111  * @ref: percpu_ref to kill
112  *
113  * Must be used to drop the initial ref on a percpu refcount; must be called
114  * precisely once before shutdown.
115  *
116  * Puts @ref in non percpu mode, then does a call_rcu() before gathering up the
117  * percpu counters and dropping the initial ref.
118  */
119 static inline void percpu_ref_kill(struct percpu_ref *ref)
120 {
121 	percpu_ref_kill_and_confirm(ref, NULL);
122 }
123 
124 /*
125  * Internal helper.  Don't use outside percpu-refcount proper.  The
126  * function doesn't return the pointer and let the caller test it for NULL
127  * because doing so forces the compiler to generate two conditional
128  * branches as it can't assume that @ref->percpu_count is not NULL.
129  */
130 static inline bool __ref_is_percpu(struct percpu_ref *ref,
131 					  unsigned long __percpu **percpu_countp)
132 {
133 	unsigned long percpu_ptr;
134 
135 	/*
136 	 * The value of @ref->percpu_count_ptr is tested for
137 	 * !__PERCPU_REF_ATOMIC, which may be set asynchronously, and then
138 	 * used as a pointer.  If the compiler generates a separate fetch
139 	 * when using it as a pointer, __PERCPU_REF_ATOMIC may be set in
140 	 * between contaminating the pointer value, meaning that
141 	 * READ_ONCE() is required when fetching it.
142 	 */
143 	percpu_ptr = READ_ONCE(ref->percpu_count_ptr);
144 
145 	/* paired with smp_store_release() in __percpu_ref_switch_to_percpu() */
146 	smp_read_barrier_depends();
147 
148 	/*
149 	 * Theoretically, the following could test just ATOMIC; however,
150 	 * then we'd have to mask off DEAD separately as DEAD may be
151 	 * visible without ATOMIC if we race with percpu_ref_kill().  DEAD
152 	 * implies ATOMIC anyway.  Test them together.
153 	 */
154 	if (unlikely(percpu_ptr & __PERCPU_REF_ATOMIC_DEAD))
155 		return false;
156 
157 	*percpu_countp = (unsigned long __percpu *)percpu_ptr;
158 	return true;
159 }
160 
161 /**
162  * percpu_ref_get_many - increment a percpu refcount
163  * @ref: percpu_ref to get
164  * @nr: number of references to get
165  *
166  * Analogous to atomic_long_add().
167  *
168  * This function is safe to call as long as @ref is between init and exit.
169  */
170 static inline void percpu_ref_get_many(struct percpu_ref *ref, unsigned long nr)
171 {
172 	unsigned long __percpu *percpu_count;
173 
174 	rcu_read_lock_sched();
175 
176 	if (__ref_is_percpu(ref, &percpu_count))
177 		this_cpu_add(*percpu_count, nr);
178 	else
179 		atomic_long_add(nr, &ref->count);
180 
181 	rcu_read_unlock_sched();
182 }
183 
184 /**
185  * percpu_ref_get - increment a percpu refcount
186  * @ref: percpu_ref to get
187  *
188  * Analagous to atomic_long_inc().
189  *
190  * This function is safe to call as long as @ref is between init and exit.
191  */
192 static inline void percpu_ref_get(struct percpu_ref *ref)
193 {
194 	percpu_ref_get_many(ref, 1);
195 }
196 
197 /**
198  * percpu_ref_tryget - try to increment a percpu refcount
199  * @ref: percpu_ref to try-get
200  *
201  * Increment a percpu refcount unless its count already reached zero.
202  * Returns %true on success; %false on failure.
203  *
204  * This function is safe to call as long as @ref is between init and exit.
205  */
206 static inline bool percpu_ref_tryget(struct percpu_ref *ref)
207 {
208 	unsigned long __percpu *percpu_count;
209 	bool ret;
210 
211 	rcu_read_lock_sched();
212 
213 	if (__ref_is_percpu(ref, &percpu_count)) {
214 		this_cpu_inc(*percpu_count);
215 		ret = true;
216 	} else {
217 		ret = atomic_long_inc_not_zero(&ref->count);
218 	}
219 
220 	rcu_read_unlock_sched();
221 
222 	return ret;
223 }
224 
225 /**
226  * percpu_ref_tryget_live - try to increment a live percpu refcount
227  * @ref: percpu_ref to try-get
228  *
229  * Increment a percpu refcount unless it has already been killed.  Returns
230  * %true on success; %false on failure.
231  *
232  * Completion of percpu_ref_kill() in itself doesn't guarantee that this
233  * function will fail.  For such guarantee, percpu_ref_kill_and_confirm()
234  * should be used.  After the confirm_kill callback is invoked, it's
235  * guaranteed that no new reference will be given out by
236  * percpu_ref_tryget_live().
237  *
238  * This function is safe to call as long as @ref is between init and exit.
239  */
240 static inline bool percpu_ref_tryget_live(struct percpu_ref *ref)
241 {
242 	unsigned long __percpu *percpu_count;
243 	bool ret = false;
244 
245 	rcu_read_lock_sched();
246 
247 	if (__ref_is_percpu(ref, &percpu_count)) {
248 		this_cpu_inc(*percpu_count);
249 		ret = true;
250 	} else if (!(ref->percpu_count_ptr & __PERCPU_REF_DEAD)) {
251 		ret = atomic_long_inc_not_zero(&ref->count);
252 	}
253 
254 	rcu_read_unlock_sched();
255 
256 	return ret;
257 }
258 
259 /**
260  * percpu_ref_put_many - decrement a percpu refcount
261  * @ref: percpu_ref to put
262  * @nr: number of references to put
263  *
264  * Decrement the refcount, and if 0, call the release function (which was passed
265  * to percpu_ref_init())
266  *
267  * This function is safe to call as long as @ref is between init and exit.
268  */
269 static inline void percpu_ref_put_many(struct percpu_ref *ref, unsigned long nr)
270 {
271 	unsigned long __percpu *percpu_count;
272 
273 	rcu_read_lock_sched();
274 
275 	if (__ref_is_percpu(ref, &percpu_count))
276 		this_cpu_sub(*percpu_count, nr);
277 	else if (unlikely(atomic_long_sub_and_test(nr, &ref->count)))
278 		ref->release(ref);
279 
280 	rcu_read_unlock_sched();
281 }
282 
283 /**
284  * percpu_ref_put - decrement a percpu refcount
285  * @ref: percpu_ref to put
286  *
287  * Decrement the refcount, and if 0, call the release function (which was passed
288  * to percpu_ref_init())
289  *
290  * This function is safe to call as long as @ref is between init and exit.
291  */
292 static inline void percpu_ref_put(struct percpu_ref *ref)
293 {
294 	percpu_ref_put_many(ref, 1);
295 }
296 
297 /**
298  * percpu_ref_is_dying - test whether a percpu refcount is dying or dead
299  * @ref: percpu_ref to test
300  *
301  * Returns %true if @ref is dying or dead.
302  *
303  * This function is safe to call as long as @ref is between init and exit
304  * and the caller is responsible for synchronizing against state changes.
305  */
306 static inline bool percpu_ref_is_dying(struct percpu_ref *ref)
307 {
308 	return ref->percpu_count_ptr & __PERCPU_REF_DEAD;
309 }
310 
311 /**
312  * percpu_ref_is_zero - test whether a percpu refcount reached zero
313  * @ref: percpu_ref to test
314  *
315  * Returns %true if @ref reached zero.
316  *
317  * This function is safe to call as long as @ref is between init and exit.
318  */
319 static inline bool percpu_ref_is_zero(struct percpu_ref *ref)
320 {
321 	unsigned long __percpu *percpu_count;
322 
323 	if (__ref_is_percpu(ref, &percpu_count))
324 		return false;
325 	return !atomic_long_read(&ref->count);
326 }
327 
328 #endif
329