• Tejun Heo's avatar
    percpu_ref: Update doc to dissuade users from depending on internal RCU grace periods · b3a5d111
    Tejun Heo authored
    percpu_ref internally uses sched-RCU to implement the percpu -> atomic
    mode switching and the documentation suggested that this could be
    depended upon.  This doesn't seem like a good idea.
    
    * percpu_ref uses sched-RCU which has different grace periods regular
      RCU.  Users may combine percpu_ref with regular RCU usage and
      incorrectly believe that regular RCU grace periods are performed by
      percpu_ref.  This can lead to, for example, use-after-free due to
      premature freeing.
    
    * percpu_ref has a grace period when switching from percpu to atomic
      mode.  It doesn't have one between the last put and release.  This
      distinction is subtle and can lead to surprising bugs.
    
    * percpu_ref allows starting in and switching to atomic mode manually
      for debugging and other purposes.  This means that there may not be
      any grace periods from kill to release.
    
    This patch makes it clear that the grace periods are percpu_ref's
    internal implementation detail and can't be depended upon by the
    users.
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    Cc: Kent Overstreet <kent.overstreet@gmail.com>
    Cc: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: default avatarTejun Heo <tj@kernel.org>
    b3a5d111
percpu-refcount.c 12.5 KB