[linuxkernelnewbies] HOWTO: Build an RT-application - RTwiki

[Peter Teoh]

http://rt.wiki.kernel.org/index.php/HOWTO:_Build_an_RT-application HOWTO: Build an RT-application From RTwiki Jump to: navigation, search This document describes the steps to writing hard real time Linux programs while using the real time Preemption Patch. It also describes the pitfalls that destroy the real time responsiveness. It focuses on x86 and ARM, although the concepts are also valid on other architectures, as long as Glibc is used. (Some fundamental parts lack in uClibc, like for example PI-mutex support and the control of malloc/new behavior, so uClibc is not recommended) Contents [hide] 1 Latencies 1.1 Hardware causes of ISR latency 1.1.1 Hints for getting rid of SMI interrupts on x86 1.2 Latencies caused by Page-faults 1.2.1 File handling 1.2.2 Global variables and arrays 1.3 Priority Inheritance Mutex support 1.4 The impact of the Big Kernel Lock 2 Building Device Drivers 2.1 Interrupt Handling 2.1.1 Things you should not do in IRQF_NODELAY context 3 Author/Maintainer 4 Revision Latencies Hardware causes of ISR latency A good real time behavior of a system depends a lot on low latency interrupt handling. Taking a look at the X86 platform, it shows that this platform is not optimized for RT usage. Several mechanisms cause ISR latencies that can run into the 10's or 100's of microseconds. Knowing them will enable you to make the best design choices on this platform to enable you to work around the negative impact. System Management Interrupt (SMI) on Intel x86 ICH chipsets System Management Interrupts are being generated by the power management hardware on the board. SMI's are evil if real-time is required. First off, they can last for hundreds of microseconds, which for many RT applications causes unacceptable jitter. Second, they are the highest priority interrupt in the system (even higher than the NMI). Third, you can't intercept the SMI because it doesn't have a vector in the CPU. Instead, when the CPU gets an SMI it goes into a special mode and jumps to a hard-wired location in a special SMM address space (which is probably in BIOS ROM). Essentially SMI interrupts are "invisible" to the Operating System. Although SMI interrupts are handled by 1 processor at a time, it even effects real-time responsiveness on dual-core/SMP systems, because if the processor handling the SMI interrupt has locked a mutex or spinlock, which is needed by some other core, that other core has to wait until the SMI interrupt handler has been completed and a mutex/spinlock has been released. This problem also exists on RTAI and other OS-es, see for more info [1] DMA bus mastering Bus mastering events can cause long-latency CPU stalls of many microseconds. It can be generated by every device that uses DMA, such as SATA/PATA/SCSI devices and even network adapters. Also video cards that insert wait cycles on the bus in response to a CPU access can cause this kind of latency. Sometimes the behavior of such peripherals can be controlled from the driver, trading off throughput for lower latency. The negative impact of bus mastering is independent from the chosen OS, so this is not a unique problem for Linux-RT, even other RTOS-es experience these type of latency! On-demand CPU scaling creates long-latency events when the CPU is put in a low-power-consumption state after a period of inactivity. Such problems are usually quite easy to detect. (e.g. On Fedora the 'cpuspeed' tool should be disabled, as this tool loads the on-demand scaling_governor driver) VGA Console When the system is fulfilling its RT requirements the VGA Text Console must be left untouched. Nothing is allowed to be written to that console, even printk's are not allowed. This VGA text console causes very large latencies, up to more than hundreds of microseconds. It is better to use a serial console and have no login shell on the VGA text console. Also SSH or Telnet sessions can be used. The 'quiet' option on the kernel command line could also be useful to prevent preventing any printk to reach the console. Notice that using a graphical UI of X has no RT-impact, it is just the VGA text console that causes latencies. Hints for getting rid of SMI interrupts on x86 1) Use PS/2 mouse and keyboard, 2) Disable USB mouse and keyboard in BIOS, 3) Compile an ACPI-enabled Kernel. 4) Disable TCO timer generation of SMIs (TCO_EN bit in the SMI_EN register). The latency should drop to ~10us permanently, at the expense of not being able to use the i8xx_tco watchdog. One user of RTAI reported: In all cases, do not boot the computer with the USB flash stick plugged in. The latency will raise to 500us if you do so. Connecting and using the USB stick later does no harm, however. ATTENTION! Do not ever disable the SMI interrupts globally. Disabling SMI may cause serious harm to your computer. On P4 systems you can burn your CPU to death, when SMI is disabled. SMIs are also used to fix up chip bugs, so certain components may not work as expected when SMI is disabled. So, be very sure you know what you are doing before disabling any SMI interrupt. Latencies caused by Page-faults Whenever the RT process runs into a page-fault the kernel freezes the entire process (with all its threads in it), until the kernel has handled the page fault. There are 2 types of pagefaults, major and minor pagefaults. Minor pagefaults are handled without IO accesses. Major pagefaults are pagefaults that are handled by means of IO activity. Page faults are therefor dangerous for RT applications and need to be prevented. If there is no Swap space used and no other applications stress the memory boundaries, then there is enough free RAM ready for the RT application to be used. In this case the RT-application will likely only run into minor pagefaults, which cause relatively small latencies. But, if the RT application is just one of the many applications on the system, and there is Swap space used, then special actions has to be taken to protect the memory of the RT-application. If memory has to be retrieved from disk or pushed towards the disk to handle a page fault, the RT-application will experience very large latencies, sometimes up to more than a second! Notice that pagefaults of one application cannot interfere the RT-behavior of another application. During startup a RT-application will always experience a lot of pagefaults. These cannot be prevented. In fact, this startup period must be used to claim and lock enough memory for the RT-process in RAM. This must be done in such a way that when the application needs to expose its RT capabilities, pagefaults do not occur anymore. This can be done by taking care of the following during the initial startup phase: Call directly from the main() entry the mlockall() call. Create all threads at startup time of the application. Never start threads dynamically during RT show time, this will ruin RT behavior. Reserve a pool of memory to do new/delete or malloc/free in, if you require dynamic memory allocation. Never use system calls that are known to generate pagefaults, such as fopen(). (Opening of files does the mmap() system call, which generates a page-fault). There are several examples that show the several aspects of preventing page-faults. It depends on the your requirements which suits best for your purpose. Simple memory locking example: Single threaded application doing a malloc() and make it safe to use. Dynamic memory allocation example: Same as Simple memory locking example, except it creates a pool of memory to be used for dynamic memory allocation Threaded RT-application with memory locking and stack handling example: Same as Dynamic memory allocation example, but now supports threads. mlockall() should be called within the application to prevent the page out of memory for the real time application. File handling File handling is known to generate disastrous pagefaults. So, if there is a need for file access from the context of the RT-application, then this can be done best by splitting the application in an RT part and a file-handling part. Both parts are allowed to communicate through sockets. I have never seen a page fault caused by socket traffic. Note: While accessing files the low-level fopen() call will do a mmap() to allocate new memory to the process, resulting in a new pagefault. Global variables and arrays Global variables and arrays are not part of the binary, but are allocated by the OS at process startup. The virtual memory pages associated to this data is not immediately mapped to physical pages of RAM, meaning that page faults occur on access. It turns out that the mlockall() call forces all global variables and arrays into RAM, meaning that subsequent access to this memory does not result in page faults. As such, using global variables and arrays does not introduce any additional problems for real time applications. You can verify this behavior using the following program (run as 'root' to allow the mlockall() operation) Verifying the absence of page faults in global arrays proof Priority Inheritance Mutex support A real-time system cannot be real-time if there is no solution for priority inversion, this will cause undesired latencies and even deadlocks. (see [2]) On Linux luckily there is a solution for it in user-land since kernel version 2.6.18 together with Glibc 2.5 (PTHREAD_PRIO_INHERIT). So, if user-land real-time is important, I highly encourage you to upgrade to at least these 2 versions. Other C-libraries like uClibc do not support PI-futexes at this moment, and are therefor less suitable for realtime! Errata for ARM: On ARM the slow-path for PI-futexes is first integrated in the RT-patch 2.6.23.rc4-rt1. The patch is however easily back-portable to older kernels (>= 2.6.18) without breaking things. (Just check the file 'include/asm/futex.h' in the kernel code.) The futex slowpath on ARM requires the memory locking scheme as described above. The futex administration is never allowed to be paged out to disk, because the futex-administration memory is accessed with interrupts disabled. This was necessary because the ARM9 v4 and v5 cores do not have the required test-and-set atomic instructions to do it nicely. This errata is not relevant to X86, because X86 supports the required atomic assembler instructions to do it properly without interrupt locking. The impact of the Big Kernel Lock The Big Kernel Lock (BKL) is preemptible on Preempt-RT. BKL is backed by a mutex (rtmutex) in -rt instead of a regular spinlock. BKL is a special case lock that is released at schedule() then reacquired when the thread is woken up. This is a coarse grained lock that is use to protect the kernel in places that are not thread safe. It has special rules regarding its use and was designed to handle the cases where an IO call is blocked on a wait queue versus blocking as a result of contention from a sleepable semaphore. Significant parts of the kernel still use BKL, Posix flock code namely, as well as other places. If a RT-thread uses a system call that locks the BKL; it can experience unbounded latencies when the BKL is locked by another thread. Any calls into the kernel, from a real time capable thread (SCHED_FIFO), must keep this into account otherwise priority inversions can take place. Just about every system call in the Linux kernel acquires a lock of some sort and can result in difficult to predict latencies and is especially the case because of the wide use BKL in non-thread safe places in the kernel. One problematic place is the ioctl() handler in device driver layer. It normally acquires BKL on syscall entry and is released when coming back into userspace. However, there is a non-BKL acquiring variant of this handler that can be used instead, provided that the handler function is MP/thread safe: static struct file_operations my_fops = { .ioctl = my_ioctl, /* This line makes my ioctl() a BKL locked variant. */ .unlocked_ioctl = my_ioctl, /* This version does not use the BKL (Notice that this version requires a slightly different ioctl() argument list) */ }; Building Device Drivers (This Chapter is under construction) Interrupt Handling The RT-kernel handles all the Interrupt handlers in thread context. However, the real hardware interrupt context is still available. This context can be recognised on the IRQF_NODELAY flag that is assigned to a certain interrupt handler during request_irq() or setup_irq(). Within this context a much more limited kernel API is allowed to be used. Things you should not do in IRQF_NODELAY context Calling any kernel API that uses normal spinlocks. Spinlocks are converted to mutexes on RT, and mutexes can sleep due its nature. (Note: the raw_spinlock_t types behave the same as on a non-RT kernel) Some kernel API's that can block on a spinlock/RT-mutex: wake_up() shall not be used, use wake_up_process() instead. up() shall not be used in this context, this is valid for all semaphore types, thus both struct compat_semaphore, as well as struct semaphore. (of course the same is valid for down()...) complete(): Uses also a normal spinlock which is defined in 'struct __wait_queue_head' in wait.h, thus not safe. Author/Maintainer Remy Bohmer