1.\" 2.\" Copyright (C) 2018 Matthew Macy <mmacy@FreeBSD.org>. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice(s), this list of conditions and the following disclaimer as 9.\" the first lines of this file unmodified other than the possible 10.\" addition of one or more copyright notices. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice(s), this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY 16.\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18.\" DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE LIABLE FOR ANY 19.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 22.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25.\" DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.Dd May 13, 2018 30.Dt EPOCH 9 31.Os 32.Sh NAME 33.Nm epoch , 34.Nm epoch_context , 35.Nm epoch_alloc , 36.Nm epoch_free , 37.Nm epoch_enter , 38.Nm epoch_exit , 39.Nm epoch_wait , 40.Nm epoch_call , 41.Nm in_epoch , 42.Nd kernel epoch based reclaimation 43.Sh SYNOPSIS 44.In sys/param.h 45.In sys/proc.h 46.In sys/epoch.h 47.Ft epoch_t 48.Fn epoch_alloc "int flags" 49.Ft void 50.Fn epoch_enter "epoch_t epoch" 51.Ft void 52.Fn epoch_enter_preempt "epoch_t epoch" 53.Ft void 54.Fn epoch_exit "epoch_t epoch" 55.Ft void 56.Fn epoch_exit_preempt "epoch_t epoch" 57.Ft void 58.Fn epoch_wait "epoch_t epoch" 59.Ft void 60.Fn epoch_wait_preempt "epoch_t epoch" 61.Ft void 62.Fn epoch_call "epoch_t epoch" "epoch_context_t ctx" "void (*callback) (epoch_context_t)" 63.Ft int 64.Fn in_epoch "void" 65.Sh DESCRIPTION 66Epochs are used to guarantee liveness and immutability of data by 67deferring reclamation and mutation until a grace period has elapsed. 68Epochs do not have any lock ordering issues. Entering and leaving 69an epoch section will never block. 70.Pp 71Epochs are allocated with 72.Fn epoch_alloc 73and freed with 74.Fn epoch_free . 75The flags passed to epoch_alloc determine whether preemption is 76allowed during a section or not (the dafult), as specified by 77EPOCH_PREEMPT. 78Threads indicate the start of an epoch critical section by calling 79.Fn epoch_enter . 80The end of a critical section is indicated by calling 81.Fn epoch_exit . 82The _preempt variants can be used around code which requires preemption. 83A thread can wait until a grace period has elapsed 84since any threads have entered 85the epoch by calling 86.Fn epoch_wait 87or 88.Fn epoch_wait_preempt , 89depending on the epoch_type. 90The use of a default epoch type allows one to use 91.Fn epoch_wait 92which is guaranteed to have much shorter completion times since 93we know that none of the threads in an epoch section will be preempted 94before completing its section. 95If the thread can't sleep or is otherwise in a performance sensitive 96path it can ensure that a grace period has elapsed by calling 97.Fn epoch_call 98with a callback with any work that needs to wait for an epoch to elapse. 99Only non-sleepable locks can be acquired during a section protected by 100.Fn epoch_enter_preempt 101and 102.Fn epoch_exit_preempt . 103INVARIANTS can assert that a thread is in an epoch by using 104.Fn in_epoch . 105.Pp 106The epoch API currently does not support sleeping in epoch_preempt sections. 107A caller cannot do epoch_enter recursively on different preemptible epochs. A 108caller should never call 109.Fn epoch_wait 110in the middle of an epoch section as this will lead to a deadlock. 111.Pp 112Note that epochs are not a straight replacement for read locks. Callers 113must use safe list and tailq traversal routines in an epoch (see ck_queue). 114When modifying a list referenced from an epoch section safe removal 115routines must be used and the caller can no longer modify a list entry 116in place. An item to be modified must be handled with copy on write 117and frees must be deferred until after a grace period has elapsed. 118.Sh RETURN VALUES 119.Fn in_epoch 120will return 1 if curthread is in an epoch, 0 otherwise. 121.Sh CAVEATS 122One must be cautious when using 123.Fn epoch_wait_preempt 124threads are pinned during epoch sections so if a thread in a section is then 125preempted by a higher priority compute bound thread on that CPU it can be 126prevented from leaving the section. Thus the wait time for the waiter is 127potentially unbounded. 128.Sh EXAMPLES 129Async free example: 130 131Thread 1: 132.Bd -literal 133int 134in_pcbladdr(struct inpcb *inp, struct in_addr *faddr, struct in_laddr *laddr, 135 struct ucred *cred) 136{ 137 /* ... */ 138 epoch_enter(net_epoch); 139 CK_STAILQ_FOREACH(ifa, &ifp->if_addrhead, ifa_link) { 140 sa = ifa->ifa_addr; 141 if (sa->sa_family != AF_INET) 142 continue; 143 sin = (struct sockaddr_in *)sa; 144 if (prison_check_ip4(cred, &sin->sin_addr) == 0) { 145 ia = (struct in_ifaddr *)ifa; 146 break; 147 } 148 } 149 epoch_exit(net_epoch); 150 /* ... */ 151} 152.Ed 153Thread 2: 154.Bd -literal 155void 156ifa_free(struct ifaddr *ifa) 157{ 158 159 if (refcount_release(&ifa->ifa_refcnt)) 160 epoch_call(net_epoch, &ifa->ifa_epoch_ctx, ifa_destroy); 161} 162 163void 164if_purgeaddrs(struct ifnet *ifp) 165{ 166 167 /* .... */ 168 IF_ADDR_WLOCK(ifp); 169 CK_STAILQ_REMOVE(&ifp->if_addrhead, ifa, ifaddr, ifa_link); 170 IF_ADDR_WUNLOCK(ifp); 171 ifa_free(ifa); 172} 173.Ed 174.Pp 175Thread 1 traverses the ifaddr list in an epoch. Thread 2 unlinks 176with the corresponding epoch safe macro, marks as logically free, 177and then defers deletion. More general mutation or a synchronous 178free would have to follow a a call to 179.Fn epoch_wait . 180.Sh ERRORS 181None. 182.El 183.Sh SEE ALSO 184.Xr locking 9 , 185.Xr mtx_pool 9 , 186.Xr mutex 9 , 187.Xr rwlock 9 , 188.Xr sema 9 , 189.Xr sleep 9 , 190.Xr sx 9 , 191.Xr timeout 9 192