[lttng-dev] User-space RCU: call rcu_barrier() before dissociating helper thread?

Martin Wilck mwilck at suse.com
Wed May 5 03:54:14 EDT 2021


On Fri, 2021-04-30 at 14:41 -0400, Mathieu Desnoyers wrote:
> ----- On Apr 29, 2021, at 9:49 AM, lttng-dev 
> lttng-dev at lists.lttng.org wrote:
> 
> > In multipath-tools, we are using a custom RCU helper thread, which
> > is cleaned
> > out
> > on exit:
> > 
> > https://github.com/opensvc/multipath-tools/blob/23a01fa679481ff1144139222fbd2c4c863b78f8/multipathd/main.c#L3058
> > 
> > I put a call to rcu_barrier() there in order to make sure all
> > callbacks had
> > finished
> > before detaching the helper thread.
> > 
> > Now we got a report that rcu_barrier() isn't available before user-
> > space RCU 0.8
> > (https://github.com/opensvc/multipath-tools/issues/5) (and RHEL7 /
> > Centos7
> > still has 0.7.16).
> > 
> > Question: was it over-cautious or otherwise wrong to call
> > rcu_barrier() before
> > set_thread_call_rcu_data(NULL)? Can we maybe just skip this call?
> > If no, what
> > would be the recommended way for liburcu < 0.8 to dissociate a
> > helper thread?
> > 
> > (Note: I'm not currently subscribed to lttng-dev).
> 
> First of all, there is a significant reason why liburcu does not free
> the "default"
> call_rcu worker thread data structures at process exit. This is
> caused by the fact that
> a call_rcu callback may very well invoke call_rcu() to re-enqueue
> more work.
> 
> AFAIU this is somewhat similar to what happens to the Linux kernel
> RCU implementation
> when the machine needs to be shutdown or rebooted: there may indeed
> never be any point
> in time where it is safe to free the call_rcu worker thread data
> structures without leaks,
> due to the fact that a call_rcu callback may re-enqueue further work
> indefinitely.
> 
> So my understanding is that you implement your own call rcu worker
> thread because the
> one provided by liburcu leaks data structure on process exit, and you
> expect that
> call rcu_barrier once will suffice to ensure quiescence of the call
> rcu worker thread
> data structures. Unfortunately, this does not cover the scenario
> where a call_rcu
> callback re-enqueues additional work.

I understand. In multipath-tools, we only have one callback, which
doesn't re-enqueue any work. Our callback really just calls free() on a
data structure. And it's unlikely that we'll get more RCU callbacks any
time soon.

So, to clarify my question: Does it make sense to call rcu_barrier()
before set_thread_call_rcu_data(NULL) in this case? If yes, is there an
alternative for safely detaching the custom RCU thread if rcu_barrier()
is unavailable?

> So without knowing more details on the reasons why you wish to clean
> up memory at
> process exit, and why it would be valid to do so in your particular
> use-case, it's
> rather difficult for me to elaborate a complete answer.

multipathd is a long-running process, so being wary of memory leaks is
important. valgrind tests pop up an ugly warning about liburcu - it's
obviously not a big issue, as it occurs only on exit, but it makes a
negative impression on users running memory leak tests. It's possible
to work around that by using valgrind "suppressions", but so far my
policy was to use these only as last resort measure, in case we
couldn't find any way to work around it in our code. That's why I came
up with the "custom RCU thread" approach.

Anyway, from what you're saying, it might be be better to simply accept
the fact that this pseudo-memory-leak exists than trying to fix it in
an unsafe way with older liburcu versions.

> I can see that maybe we could change liburcu to make it so that we
> free all
> call_rcu data structures _if_ they happen to be empty of callbacks at
> process exit,
> after invoking one rcu_barrier. That should take care of not leaking
> data structures
> in the common case where call_rcu does not enqueue further callbacks.
> 
> Thoughts ?

That would be nice, but it wouldn't help me in the specific case, where
I have to deal with an old version of liburcu.

Perhaps you could also consider an API extension by which an
application could tell liburcu that it's exiting, and no further
callbacks should be scheduled?

Thanks,
Martin




More information about the lttng-dev mailing list