Re: [PATCH 0/5] sched: Lazy preemption muck

From: Thomas Gleixner
Date: Wed Oct 09 2024 - 21:21:03 EST


On Wed, Oct 09 2024 at 19:29, Steven Rostedt wrote:
> On Thu, 10 Oct 2024 01:16:27 +0200
> Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>
>> On Wed, Oct 09 2024 at 17:19, Steven Rostedt wrote:
>> > On Wed, 09 Oct 2024 23:06:00 +0200
>> > Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>> >> For the transition phase we obviously need to do:
>> >>
>> >> while ($cond) {
>> >> spin_lock(L);
>> >> do_stuff();
>> >> spin_unlock(L);
>> >> cond_resched();
>> >> }
>> >
>> > But if $cond needs to be protected by spin_lock(), what then?
>> >
>> > spin_lock();
>> > while ($cond) {
>> > do_stuff();
>> > spin_unlock();
>> > spin_lock();
>> > }
>> > spin_unlock();
>> >
>>
>> Seriously? The proper pattern for this is to do either:
>>
>> while (READ_ONCE($cond)) {
>> scoped_guard(spinlock)(L) {
>> if ($cond)
>> break;
>> do_stuff();
>> }
>> cond_resched(); // To be removed
>> }
>>
>> or in case that $cond is more complex and needs lock protection:
>>
>> while (true) {
>> scoped_guard(spinlock)(L) {
>> if ($cond)
>> break;
>> do_stuff();
>> }
>> cond_resched(); // To be removed
>> }
>>
>> You get the idea, no?
>
> Basically still the same logic, just a different syntax. Speaking of which...

Of course it's the same logic at the very end, but it's logic which is
understandable, makes sense and allows to change the underlying
infrastructure without disruption.

Refactoring is an art and if you get it wrong you actually make it
worse. Been there, done that.

>> It forces people to actually analyze the problems and not work around
>> them with yet another magic duct tape solution which is equally ill
>> defined as cond_resched() or the hideous might_sleep() hack.
>>
>> The goal is to reduce technical debt and not to replace it with a
>> different variant.
>>
>
> The above definitely sounds like rational to switch everything over to Rust!
>
> /me runs!!!!

Why are you running away?

I'm all for moving the kernel to a less error prone programming
language. I've done ADA programming in my former professional live and
I'm well aware about the advantages of a "safe" programming language.

For me Rust is definitely the right way to go, aside of my personal
distaste of the syntax and the insanity of abandoning an existing
universe of ADA tools just because of 'not invented here', but that's a
different discussion to be had.

That said, converging to Rust requires a massive effort of being
disciplined on the C side in the first place. Otherwise the Rust
abstractions will just end up being a mostly useless wrapper around the
existing C insanities. Which in turn will neither reduce technical debt,
nor be able to hold up the promise to squash a whole class of bugs.

Quite the contrary it will accelerate the problems we already have
instead of reducing them, while everyone can pretend that we are so much
better off.

TBH, converging to Rust is a real chance to move away from the "features
first, correctness later" approach, but the way our community is
approaching it right now is just following the old scheme by making Rust
compatible to the "features first, correctness later" mantra.

If you still are telling me that:

>> > spin_lock();
>> > while ($cond) {
>> > do_stuff();
>> > spin_unlock();
>> > spin_lock();
>> > }
>> > spin_unlock();

is just different syntax than

>> while (true) {
>> scoped_guard(spinlock)(L) {
>> if ($cond)
>> break;
>> do_stuff();
>> }
>> }

then please explain to me how you map your proposed scheme to a language
which is scope based by design.

Thanks,

tglx