~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/core-api/kref.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 ===================================================
  2 Adding reference counters (krefs) to kernel objects
  3 ===================================================
  4 
  5 :Author: Corey Minyard <minyard@acm.org>
  6 :Author: Thomas Hellstrom <thellstrom@vmware.com>
  7 
  8 A lot of this was lifted from Greg Kroah-Hartman's 2004 OLS paper and
  9 presentation on krefs, which can be found at:
 10 
 11   - http://www.kroah.com/linux/talks/ols_2004_kref_paper/Reprint-Kroah-Hartman-OLS2004.pdf
 12   - http://www.kroah.com/linux/talks/ols_2004_kref_talk/
 13 
 14 Introduction
 15 ============
 16 
 17 krefs allow you to add reference counters to your objects.  If you
 18 have objects that are used in multiple places and passed around, and
 19 you don't have refcounts, your code is almost certainly broken.  If
 20 you want refcounts, krefs are the way to go.
 21 
 22 To use a kref, add one to your data structures like::
 23 
 24     struct my_data
 25     {
 26         .
 27         .
 28         struct kref refcount;
 29         .
 30         .
 31     };
 32 
 33 The kref can occur anywhere within the data structure.
 34 
 35 Initialization
 36 ==============
 37 
 38 You must initialize the kref after you allocate it.  To do this, call
 39 kref_init as so::
 40 
 41      struct my_data *data;
 42 
 43      data = kmalloc(sizeof(*data), GFP_KERNEL);
 44      if (!data)
 45             return -ENOMEM;
 46      kref_init(&data->refcount);
 47 
 48 This sets the refcount in the kref to 1.
 49 
 50 Kref rules
 51 ==========
 52 
 53 Once you have an initialized kref, you must follow the following
 54 rules:
 55 
 56 1) If you make a non-temporary copy of a pointer, especially if
 57    it can be passed to another thread of execution, you must
 58    increment the refcount with kref_get() before passing it off::
 59 
 60        kref_get(&data->refcount);
 61 
 62    If you already have a valid pointer to a kref-ed structure (the
 63    refcount cannot go to zero) you may do this without a lock.
 64 
 65 2) When you are done with a pointer, you must call kref_put()::
 66 
 67        kref_put(&data->refcount, data_release);
 68 
 69    If this is the last reference to the pointer, the release
 70    routine will be called.  If the code never tries to get
 71    a valid pointer to a kref-ed structure without already
 72    holding a valid pointer, it is safe to do this without
 73    a lock.
 74 
 75 3) If the code attempts to gain a reference to a kref-ed structure
 76    without already holding a valid pointer, it must serialize access
 77    where a kref_put() cannot occur during the kref_get(), and the
 78    structure must remain valid during the kref_get().
 79 
 80 For example, if you allocate some data and then pass it to another
 81 thread to process::
 82 
 83     void data_release(struct kref *ref)
 84     {
 85         struct my_data *data = container_of(ref, struct my_data, refcount);
 86         kfree(data);
 87     }
 88 
 89     void more_data_handling(void *cb_data)
 90     {
 91         struct my_data *data = cb_data;
 92         .
 93         . do stuff with data here
 94         .
 95         kref_put(&data->refcount, data_release);
 96     }
 97 
 98     int my_data_handler(void)
 99     {
100         int rv = 0;
101         struct my_data *data;
102         struct task_struct *task;
103         data = kmalloc(sizeof(*data), GFP_KERNEL);
104         if (!data)
105                 return -ENOMEM;
106         kref_init(&data->refcount);
107 
108         kref_get(&data->refcount);
109         task = kthread_run(more_data_handling, data, "more_data_handling");
110         if (task == ERR_PTR(-ENOMEM)) {
111                 rv = -ENOMEM;
112                 kref_put(&data->refcount, data_release);
113                 goto out;
114         }
115 
116         .
117         . do stuff with data here
118         .
119     out:
120         kref_put(&data->refcount, data_release);
121         return rv;
122     }
123 
124 This way, it doesn't matter what order the two threads handle the
125 data, the kref_put() handles knowing when the data is not referenced
126 any more and releasing it.  The kref_get() does not require a lock,
127 since we already have a valid pointer that we own a refcount for.  The
128 put needs no lock because nothing tries to get the data without
129 already holding a pointer.
130 
131 In the above example, kref_put() will be called 2 times in both success
132 and error paths. This is necessary because the reference count got
133 incremented 2 times by kref_init() and kref_get().
134 
135 Note that the "before" in rule 1 is very important.  You should never
136 do something like::
137 
138         task = kthread_run(more_data_handling, data, "more_data_handling");
139         if (task == ERR_PTR(-ENOMEM)) {
140                 rv = -ENOMEM;
141                 goto out;
142         } else
143                 /* BAD BAD BAD - get is after the handoff */
144                 kref_get(&data->refcount);
145 
146 Don't assume you know what you are doing and use the above construct.
147 First of all, you may not know what you are doing.  Second, you may
148 know what you are doing (there are some situations where locking is
149 involved where the above may be legal) but someone else who doesn't
150 know what they are doing may change the code or copy the code.  It's
151 bad style.  Don't do it.
152 
153 There are some situations where you can optimize the gets and puts.
154 For instance, if you are done with an object and enqueuing it for
155 something else or passing it off to something else, there is no reason
156 to do a get then a put::
157 
158         /* Silly extra get and put */
159         kref_get(&obj->ref);
160         enqueue(obj);
161         kref_put(&obj->ref, obj_cleanup);
162 
163 Just do the enqueue.  A comment about this is always welcome::
164 
165         enqueue(obj);
166         /* We are done with obj, so we pass our refcount off
167            to the queue.  DON'T TOUCH obj AFTER HERE! */
168 
169 The last rule (rule 3) is the nastiest one to handle.  Say, for
170 instance, you have a list of items that are each kref-ed, and you wish
171 to get the first one.  You can't just pull the first item off the list
172 and kref_get() it.  That violates rule 3 because you are not already
173 holding a valid pointer.  You must add a mutex (or some other lock).
174 For instance::
175 
176         static DEFINE_MUTEX(mutex);
177         static LIST_HEAD(q);
178         struct my_data
179         {
180                 struct kref      refcount;
181                 struct list_head link;
182         };
183 
184         static struct my_data *get_entry()
185         {
186                 struct my_data *entry = NULL;
187                 mutex_lock(&mutex);
188                 if (!list_empty(&q)) {
189                         entry = container_of(q.next, struct my_data, link);
190                         kref_get(&entry->refcount);
191                 }
192                 mutex_unlock(&mutex);
193                 return entry;
194         }
195 
196         static void release_entry(struct kref *ref)
197         {
198                 struct my_data *entry = container_of(ref, struct my_data, refcount);
199 
200                 list_del(&entry->link);
201                 kfree(entry);
202         }
203 
204         static void put_entry(struct my_data *entry)
205         {
206                 mutex_lock(&mutex);
207                 kref_put(&entry->refcount, release_entry);
208                 mutex_unlock(&mutex);
209         }
210 
211 The kref_put() return value is useful if you do not want to hold the
212 lock during the whole release operation.  Say you didn't want to call
213 kfree() with the lock held in the example above (since it is kind of
214 pointless to do so).  You could use kref_put() as follows::
215 
216         static void release_entry(struct kref *ref)
217         {
218                 /* All work is done after the return from kref_put(). */
219         }
220 
221         static void put_entry(struct my_data *entry)
222         {
223                 mutex_lock(&mutex);
224                 if (kref_put(&entry->refcount, release_entry)) {
225                         list_del(&entry->link);
226                         mutex_unlock(&mutex);
227                         kfree(entry);
228                 } else
229                         mutex_unlock(&mutex);
230         }
231 
232 This is really more useful if you have to call other routines as part
233 of the free operations that could take a long time or might claim the
234 same lock.  Note that doing everything in the release routine is still
235 preferred as it is a little neater.
236 
237 The above example could also be optimized using kref_get_unless_zero() in
238 the following way::
239 
240         static struct my_data *get_entry()
241         {
242                 struct my_data *entry = NULL;
243                 mutex_lock(&mutex);
244                 if (!list_empty(&q)) {
245                         entry = container_of(q.next, struct my_data, link);
246                         if (!kref_get_unless_zero(&entry->refcount))
247                                 entry = NULL;
248                 }
249                 mutex_unlock(&mutex);
250                 return entry;
251         }
252 
253         static void release_entry(struct kref *ref)
254         {
255                 struct my_data *entry = container_of(ref, struct my_data, refcount);
256 
257                 mutex_lock(&mutex);
258                 list_del(&entry->link);
259                 mutex_unlock(&mutex);
260                 kfree(entry);
261         }
262 
263         static void put_entry(struct my_data *entry)
264         {
265                 kref_put(&entry->refcount, release_entry);
266         }
267 
268 Which is useful to remove the mutex lock around kref_put() in put_entry(), but
269 it's important that kref_get_unless_zero is enclosed in the same critical
270 section that finds the entry in the lookup table,
271 otherwise kref_get_unless_zero may reference already freed memory.
272 Note that it is illegal to use kref_get_unless_zero without checking its
273 return value. If you are sure (by already having a valid pointer) that
274 kref_get_unless_zero() will return true, then use kref_get() instead.
275 
276 Krefs and RCU
277 =============
278 
279 The function kref_get_unless_zero also makes it possible to use rcu
280 locking for lookups in the above example::
281 
282         struct my_data
283         {
284                 struct rcu_head rhead;
285                 .
286                 struct kref refcount;
287                 .
288                 .
289         };
290 
291         static struct my_data *get_entry_rcu()
292         {
293                 struct my_data *entry = NULL;
294                 rcu_read_lock();
295                 if (!list_empty(&q)) {
296                         entry = container_of(q.next, struct my_data, link);
297                         if (!kref_get_unless_zero(&entry->refcount))
298                                 entry = NULL;
299                 }
300                 rcu_read_unlock();
301                 return entry;
302         }
303 
304         static void release_entry_rcu(struct kref *ref)
305         {
306                 struct my_data *entry = container_of(ref, struct my_data, refcount);
307 
308                 mutex_lock(&mutex);
309                 list_del_rcu(&entry->link);
310                 mutex_unlock(&mutex);
311                 kfree_rcu(entry, rhead);
312         }
313 
314         static void put_entry(struct my_data *entry)
315         {
316                 kref_put(&entry->refcount, release_entry_rcu);
317         }
318 
319 But note that the struct kref member needs to remain in valid memory for a
320 rcu grace period after release_entry_rcu was called. That can be accomplished
321 by using kfree_rcu(entry, rhead) as done above, or by calling synchronize_rcu()
322 before using kfree, but note that synchronize_rcu() may sleep for a
323 substantial amount of time.

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php