0001 =================
0002 Freezing of tasks
0003 =================
0004
0005 (C) 2007 Rafael J. Wysocki <rjw@sisk.pl>, GPL
0006
0007 I. What is the freezing of tasks?
0008 =================================
0009
0010 The freezing of tasks is a mechanism by which user space processes and some
0011 kernel threads are controlled during hibernation or system-wide suspend (on some
0012 architectures).
0013
0014 II. How does it work?
0015 =====================
0016
0017 There are three per-task flags used for that, PF_NOFREEZE, PF_FROZEN
0018 and PF_FREEZER_SKIP (the last one is auxiliary). The tasks that have
0019 PF_NOFREEZE unset (all user space processes and some kernel threads) are
0020 regarded as 'freezable' and treated in a special way before the system enters a
0021 suspend state as well as before a hibernation image is created (in what follows
0022 we only consider hibernation, but the description also applies to suspend).
0023
0024 Namely, as the first step of the hibernation procedure the function
0025 freeze_processes() (defined in kernel/power/process.c) is called. A system-wide
0026 variable system_freezing_cnt (as opposed to a per-task flag) is used to indicate
0027 whether the system is to undergo a freezing operation. And freeze_processes()
0028 sets this variable. After this, it executes try_to_freeze_tasks() that sends a
0029 fake signal to all user space processes, and wakes up all the kernel threads.
0030 All freezable tasks must react to that by calling try_to_freeze(), which
0031 results in a call to __refrigerator() (defined in kernel/freezer.c), which sets
0032 the task's PF_FROZEN flag, changes its state to TASK_UNINTERRUPTIBLE and makes
0033 it loop until PF_FROZEN is cleared for it. Then, we say that the task is
0034 'frozen' and therefore the set of functions handling this mechanism is referred
0035 to as 'the freezer' (these functions are defined in kernel/power/process.c,
0036 kernel/freezer.c & include/linux/freezer.h). User space processes are generally
0037 frozen before kernel threads.
0038
0039 __refrigerator() must not be called directly. Instead, use the
0040 try_to_freeze() function (defined in include/linux/freezer.h), that checks
0041 if the task is to be frozen and makes the task enter __refrigerator().
0042
0043 For user space processes try_to_freeze() is called automatically from the
0044 signal-handling code, but the freezable kernel threads need to call it
0045 explicitly in suitable places or use the wait_event_freezable() or
0046 wait_event_freezable_timeout() macros (defined in include/linux/freezer.h)
0047 that combine interruptible sleep with checking if the task is to be frozen and
0048 calling try_to_freeze(). The main loop of a freezable kernel thread may look
0049 like the following one::
0050
0051 set_freezable();
0052 do {
0053 hub_events();
0054 wait_event_freezable(khubd_wait,
0055 !list_empty(&hub_event_list) ||
0056 kthread_should_stop());
0057 } while (!kthread_should_stop() || !list_empty(&hub_event_list));
0058
0059 (from drivers/usb/core/hub.c::hub_thread()).
0060
0061 If a freezable kernel thread fails to call try_to_freeze() after the freezer has
0062 initiated a freezing operation, the freezing of tasks will fail and the entire
0063 hibernation operation will be cancelled. For this reason, freezable kernel
0064 threads must call try_to_freeze() somewhere or use one of the
0065 wait_event_freezable() and wait_event_freezable_timeout() macros.
0066
0067 After the system memory state has been restored from a hibernation image and
0068 devices have been reinitialized, the function thaw_processes() is called in
0069 order to clear the PF_FROZEN flag for each frozen task. Then, the tasks that
0070 have been frozen leave __refrigerator() and continue running.
0071
0072
0073 Rationale behind the functions dealing with freezing and thawing of tasks
0074 -------------------------------------------------------------------------
0075
0076 freeze_processes():
0077 - freezes only userspace tasks
0078
0079 freeze_kernel_threads():
0080 - freezes all tasks (including kernel threads) because we can't freeze
0081 kernel threads without freezing userspace tasks
0082
0083 thaw_kernel_threads():
0084 - thaws only kernel threads; this is particularly useful if we need to do
0085 anything special in between thawing of kernel threads and thawing of
0086 userspace tasks, or if we want to postpone the thawing of userspace tasks
0087
0088 thaw_processes():
0089 - thaws all tasks (including kernel threads) because we can't thaw userspace
0090 tasks without thawing kernel threads
0091
0092
0093 III. Which kernel threads are freezable?
0094 ========================================
0095
0096 Kernel threads are not freezable by default. However, a kernel thread may clear
0097 PF_NOFREEZE for itself by calling set_freezable() (the resetting of PF_NOFREEZE
0098 directly is not allowed). From this point it is regarded as freezable
0099 and must call try_to_freeze() in a suitable place.
0100
0101 IV. Why do we do that?
0102 ======================
0103
0104 Generally speaking, there is a couple of reasons to use the freezing of tasks:
0105
0106 1. The principal reason is to prevent filesystems from being damaged after
0107 hibernation. At the moment we have no simple means of checkpointing
0108 filesystems, so if there are any modifications made to filesystem data and/or
0109 metadata on disks, we cannot bring them back to the state from before the
0110 modifications. At the same time each hibernation image contains some
0111 filesystem-related information that must be consistent with the state of the
0112 on-disk data and metadata after the system memory state has been restored
0113 from the image (otherwise the filesystems will be damaged in a nasty way,
0114 usually making them almost impossible to repair). We therefore freeze
0115 tasks that might cause the on-disk filesystems' data and metadata to be
0116 modified after the hibernation image has been created and before the
0117 system is finally powered off. The majority of these are user space
0118 processes, but if any of the kernel threads may cause something like this
0119 to happen, they have to be freezable.
0120
0121 2. Next, to create the hibernation image we need to free a sufficient amount of
0122 memory (approximately 50% of available RAM) and we need to do that before
0123 devices are deactivated, because we generally need them for swapping out.
0124 Then, after the memory for the image has been freed, we don't want tasks
0125 to allocate additional memory and we prevent them from doing that by
0126 freezing them earlier. [Of course, this also means that device drivers
0127 should not allocate substantial amounts of memory from their .suspend()
0128 callbacks before hibernation, but this is a separate issue.]
0129
0130 3. The third reason is to prevent user space processes and some kernel threads
0131 from interfering with the suspending and resuming of devices. A user space
0132 process running on a second CPU while we are suspending devices may, for
0133 example, be troublesome and without the freezing of tasks we would need some
0134 safeguards against race conditions that might occur in such a case.
0135
0136 Although Linus Torvalds doesn't like the freezing of tasks, he said this in one
0137 of the discussions on LKML (https://lore.kernel.org/r/alpine.LFD.0.98.0704271801020.9964@woody.linux-foundation.org):
0138
0139 "RJW:> Why we freeze tasks at all or why we freeze kernel threads?
0140
0141 Linus: In many ways, 'at all'.
0142
0143 I **do** realize the IO request queue issues, and that we cannot actually do
0144 s2ram with some devices in the middle of a DMA. So we want to be able to
0145 avoid *that*, there's no question about that. And I suspect that stopping
0146 user threads and then waiting for a sync is practically one of the easier
0147 ways to do so.
0148
0149 So in practice, the 'at all' may become a 'why freeze kernel threads?' and
0150 freezing user threads I don't find really objectionable."
0151
0152 Still, there are kernel threads that may want to be freezable. For example, if
0153 a kernel thread that belongs to a device driver accesses the device directly, it
0154 in principle needs to know when the device is suspended, so that it doesn't try
0155 to access it at that time. However, if the kernel thread is freezable, it will
0156 be frozen before the driver's .suspend() callback is executed and it will be
0157 thawed after the driver's .resume() callback has run, so it won't be accessing
0158 the device while it's suspended.
0159
0160 4. Another reason for freezing tasks is to prevent user space processes from
0161 realizing that hibernation (or suspend) operation takes place. Ideally, user
0162 space processes should not notice that such a system-wide operation has
0163 occurred and should continue running without any problems after the restore
0164 (or resume from suspend). Unfortunately, in the most general case this
0165 is quite difficult to achieve without the freezing of tasks. Consider,
0166 for example, a process that depends on all CPUs being online while it's
0167 running. Since we need to disable nonboot CPUs during the hibernation,
0168 if this process is not frozen, it may notice that the number of CPUs has
0169 changed and may start to work incorrectly because of that.
0170
0171 V. Are there any problems related to the freezing of tasks?
0172 ===========================================================
0173
0174 Yes, there are.
0175
0176 First of all, the freezing of kernel threads may be tricky if they depend one
0177 on another. For example, if kernel thread A waits for a completion (in the
0178 TASK_UNINTERRUPTIBLE state) that needs to be done by freezable kernel thread B
0179 and B is frozen in the meantime, then A will be blocked until B is thawed, which
0180 may be undesirable. That's why kernel threads are not freezable by default.
0181
0182 Second, there are the following two problems related to the freezing of user
0183 space processes:
0184
0185 1. Putting processes into an uninterruptible sleep distorts the load average.
0186 2. Now that we have FUSE, plus the framework for doing device drivers in
0187 userspace, it gets even more complicated because some userspace processes are
0188 now doing the sorts of things that kernel threads do
0189 (https://lists.linux-foundation.org/pipermail/linux-pm/2007-May/012309.html).
0190
0191 The problem 1. seems to be fixable, although it hasn't been fixed so far. The
0192 other one is more serious, but it seems that we can work around it by using
0193 hibernation (and suspend) notifiers (in that case, though, we won't be able to
0194 avoid the realization by the user space processes that the hibernation is taking
0195 place).
0196
0197 There are also problems that the freezing of tasks tends to expose, although
0198 they are not directly related to it. For example, if request_firmware() is
0199 called from a device driver's .resume() routine, it will timeout and eventually
0200 fail, because the user land process that should respond to the request is frozen
0201 at this point. So, seemingly, the failure is due to the freezing of tasks.
0202 Suppose, however, that the firmware file is located on a filesystem accessible
0203 only through another device that hasn't been resumed yet. In that case,
0204 request_firmware() will fail regardless of whether or not the freezing of tasks
0205 is used. Consequently, the problem is not really related to the freezing of
0206 tasks, since it generally exists anyway.
0207
0208 A driver must have all firmwares it may need in RAM before suspend() is called.
0209 If keeping them is not practical, for example due to their size, they must be
0210 requested early enough using the suspend notifier API described in
0211 Documentation/driver-api/pm/notifiers.rst.
0212
0213 VI. Are there any precautions to be taken to prevent freezing failures?
0214 =======================================================================
0215
0216 Yes, there are.
0217
0218 First of all, grabbing the 'system_transition_mutex' lock to mutually exclude a
0219 piece of code from system-wide sleep such as suspend/hibernation is not
0220 encouraged. If possible, that piece of code must instead hook onto the
0221 suspend/hibernation notifiers to achieve mutual exclusion. Look at the
0222 CPU-Hotplug code (kernel/cpu.c) for an example.
0223
0224 However, if that is not feasible, and grabbing 'system_transition_mutex' is
0225 deemed necessary, it is strongly discouraged to directly call
0226 mutex_[un]lock(&system_transition_mutex) since that could lead to freezing
0227 failures, because if the suspend/hibernate code successfully acquired the
0228 'system_transition_mutex' lock, and hence that other entity failed to acquire
0229 the lock, then that task would get blocked in TASK_UNINTERRUPTIBLE state. As a
0230 consequence, the freezer would not be able to freeze that task, leading to
0231 freezing failure.
0232
0233 However, the [un]lock_system_sleep() APIs are safe to use in this scenario,
0234 since they ask the freezer to skip freezing this task, since it is anyway
0235 "frozen enough" as it is blocked on 'system_transition_mutex', which will be
0236 released only after the entire suspend/hibernation sequence is complete. So, to
0237 summarize, use [un]lock_system_sleep() instead of directly using
0238 mutex_[un]lock(&system_transition_mutex). That would prevent freezing failures.
0239
0240 V. Miscellaneous
0241 ================
0242
0243 /sys/power/pm_freeze_timeout controls how long it will cost at most to freeze
0244 all user space processes or all freezable kernel threads, in unit of
0245 millisecond. The default value is 20000, with range of unsigned integer.
