Copyright (c) 2006 Steven Rostedt
   Licensed under the GNU Free Documentation License, Version 1.2
   6RT-mutex implementation design
   9This document tries to describe the design of the rtmutex.c implementation.
  10It doesn't describe the reasons why rtmutex.c exists. For that please see
  11Documentation/rt-mutex.txt.  Although this document does explain problems
  12that happen without this code, but that is in the concept to understand
  13what the code actually is doing.
  15The goal of this document is to help others understand the priority
  16inheritance (PI) algorithm that is used, as well as reasons for the
  17decisions that were made to implement PI in the manner that was done.
  20Unbounded Priority Inversion
  23Priority inversion is when a lower priority process executes while a higher
  24priority process wants to run.  This happens for several reasons, and
  25most of the time it can't be helped.  Anytime a high priority process wants
  26to use a resource that a lower priority process has (a mutex for example),
  27the high priority process must wait until the lower priority process is done
  28with the resource.  This is a priority inversion.  What we want to prevent
  29is something called unbounded priority inversion.  That is when the high
  30priority process is prevented from running by a lower priority process for
  31an undetermined amount of time.
  33The classic example of unbounded priority inversion is were you have three
  34processes, let's call them processes A, B, and C, where A is the highest
  35priority process, C is the lowest, and B is in between. A tries to grab a lock
  36that C owns and must wait and lets C run to release the lock. But in the
  37meantime, B executes, and since B is of a higher priority than C, it preempts C,
  38but by doing so, it is in fact preempting A which is a higher priority process.
  39Now there's no way of knowing how long A will be sleeping waiting for C
  40to release the lock, because for all we know, B is a CPU hog and will
  41never give C a chance to release the lock.  This is called unbounded priority
  44Here's a little ASCII art to show the problem.
  46   grab lock L1 (owned by C)
  47     |
  48A ---+
  49        C preempted by B
  50          |
  51C    +----+
  53B         +-------->
  54                B now keeps A from running.
  57Priority Inheritance (PI)
  60There are several ways to solve this issue, but other ways are out of scope
  61for this document.  Here we only discuss PI.
  63PI is where a process inherits the priority of another process if the other
  64process blocks on a lock owned by the current process.  To make this easier
  65to understand, let's use the previous example, with processes A, B, and C again.
  67This time, when A blocks on the lock owned by C, C would inherit the priority
  68of A.  So now if B becomes runnable, it would not preempt C, since C now has
  69the high priority of A.  As soon as C releases the lock, it loses its
  70inherited priority, and A then can continue with the resource that C had.
  75Here I explain some terminology that is used in this document to help describe
  76the design that is used to implement PI.
  78PI chain - The PI chain is an ordered series of locks and processes that cause
  79           processes to inherit priorities from a previous process that is
  80           blocked on one of its locks.  This is described in more detail
  81           later in this document.
  83mutex    - In this document, to differentiate from locks that implement
  84           PI and spin locks that are used in the PI code, from now on
  85           the PI locks will be called a mutex.
  87lock     - In this document from now on, I will use the term lock when
  88           referring to spin locks that are used to protect parts of the PI
  89           algorithm.  These locks disable preemption for UP (when
  90           CONFIG_PREEMPT is enabled) and on SMP prevents multiple CPUs from
  91           entering critical sections simultaneously.
  93spin lock - Same as lock above.
  95waiter   - A waiter is a struct that is stored on the stack of a blocked
  96           process.  Since the scope of the waiter is within the code for
  97           a process being blocked on the mutex, it is fine to allocate
  98           the waiter on the process's stack (local variable).  This
  99           structure holds a pointer to the task, as well as the mutex that
 100           the task is blocked on.  It also has the plist node structures to
 101           place the task in the waiter_list of a mutex as well as the
 102           pi_list of a mutex owner task (described below).
 104           waiter is sometimes used in reference to the task that is waiting
 105           on a mutex. This is the same as waiter->task.
 107waiters  - A list of processes that are blocked on a mutex.
 109top waiter - The highest priority process waiting on a specific mutex.
 111top pi waiter - The highest priority process waiting on one of the mutexes
 112                that a specific process owns.
 114Note:  task and process are used interchangeably in this document, mostly to
 115       differentiate between two processes that are being described together.
 118PI chain
 121The PI chain is a list of processes and mutexes that may cause priority
 122inheritance to take place.  Multiple chains may converge, but a chain
 123would never diverge, since a process can't be blocked on more than one
 124mutex at a time.
 128   Process:  A, B, C, D, E
 129   Mutexes:  L1, L2, L3, L4
 131   A owns: L1
 132           B blocked on L1
 133           B owns L2
 134                  C blocked on L2
 135                  C owns L3
 136                         D blocked on L3
 137                         D owns L4
 138                                E blocked on L4
 140The chain would be:
 142   E->L4->D->L3->C->L2->B->L1->A
 144To show where two chains merge, we could add another process F and
 145another mutex L5 where B owns L5 and F is blocked on mutex L5.
 147The chain for F would be:
 149   F->L5->B->L1->A
 151Since a process may own more than one mutex, but never be blocked on more than
 152one, the chains merge.
 154Here we show both chains:
 156   E->L4->D->L3->C->L2-+
 157                       |
 158                       +->B->L1->A
 159                       |
 160                 F->L5-+
 162For PI to work, the processes at the right end of these chains (or we may
 163also call it the Top of the chain) must be equal to or higher in priority
 164than the processes to the left or below in the chain.
 166Also since a mutex may have more than one process blocked on it, we can
 167have multiple chains merge at mutexes.  If we add another process G that is
 168blocked on mutex L2:
 170  G->L2->B->L1->A
 172And once again, to show how this can grow I will show the merging chains
 175   E->L4->D->L3->C-+
 176                   +->L2-+
 177                   |     |
 178                 G-+     +->B->L1->A
 179                         |
 180                   F->L5-+
 186Before I go further and talk about how the PI chain is stored through lists
 187on both mutexes and processes, I'll explain the plist.  This is similar to
 188the struct list_head functionality that is already in the kernel.
 189The implementation of plist is out of scope for this document, but it is
 190very important to understand what it does.
 192There are a few differences between plist and list, the most important one
 193being that plist is a priority sorted linked list.  This means that the
 194priorities of the plist are sorted, such that it takes O(1) to retrieve the
 195highest priority item in the list.  Obviously this is useful to store processes
 196based on their priorities.
 198Another difference, which is important for implementation, is that, unlike
 199list, the head of the list is a different element than the nodes of a list.
 200So the head of the list is declared as struct plist_head and nodes that will
 201be added to the list are declared as struct plist_node.
 204Mutex Waiter List
 207Every mutex keeps track of all the waiters that are blocked on itself. The mutex
 208has a plist to store these waiters by priority.  This list is protected by
 209a spin lock that is located in the struct of the mutex. This lock is called
 210wait_lock.  Since the modification of the waiter list is never done in
 211interrupt context, the wait_lock can be taken without disabling interrupts.
 214Task PI List
 217To keep track of the PI chains, each process has its own PI list.  This is
 218a list of all top waiters of the mutexes that are owned by the process.
 219Note that this list only holds the top waiters and not all waiters that are
 220blocked on mutexes owned by the process.
 222The top of the task's PI list is always the highest priority task that
 223is waiting on a mutex that is owned by the task.  So if the task has
 224inherited a priority, it will always be the priority of the task that is
 225at the top of this list.
 227This list is stored in the task structure of a process as a plist called
 228pi_list.  This list is protected by a spin lock also in the task structure,
 229called pi_lock.  This lock may also be taken in interrupt context, so when
 230locking the pi_lock, interrupts must be disabled.
 233Depth of the PI Chain
 236The maximum depth of the PI chain is not dynamic, and could actually be
 237defined.  But is very complex to figure it out, since it depends on all
 238the nesting of mutexes.  Let's look at the example where we have 3 mutexes,
 239L1, L2, and L3, and four separate functions func1, func2, func3 and func4.
 240The following shows a locking order of L1->L2->L3, but may not actually
