10:54 a.m.
Changelog:
v3
- Addressed comments from David Hildenbrand. Don't release
lock_device_hotplug after checking memory status, and rename
memblock_offlined_cb() to check_memblock_offlined_cb()
v2
- Dan Williams mentioned that drv->remove() return is ignored
by unbind. Unbind always succeeds. Because we cannot guarantee
that memory can be offlined from the driver, don't even
attempt to do so. Simply check that every section is offlined
beforehand and only then proceed with removing dax memory.
---
Recently, adding a persistent memory to be used like a regular RAM was
added to Linux. This work extends this functionality to also allow hot
removing persistent memory.
We (Microsoft) have an important use case for this functionality.
The requirement is for physical machines with small amount of RAM (~8G)
to be able to reboot in a very short period of time (<1s). Yet, there is
a userland state that is expensive to recreate (~2G).
The solution is to boot machines with 2G preserved for persistent
memory.
Copy the state, and hotadd the persistent memory so machine still has
all 8G available for runtime. Before reboot, offline and hotremove
device-dax 2G, copy the memory that is needed to be preserved to pmem0
device, and reboot.
The series of operations look like this:
1. After boot restore /dev/pmem0 to ramdisk to be consumed by apps.
and free ramdisk.
2. Convert raw pmem0 to devdax
ndctl create-namespace --mode devdax --map mem -e namespace0.0 -f
3. Hotadd to System RAM
echo dax0.0 > /sys/bus/dax/drivers/device_dax/unbind
echo dax0.0 > /sys/bus/dax/drivers/kmem/new_id
echo online_movable > /sys/devices/system/memoryXXX/state
4. Before reboot hotremove device-dax memory from System RAM
echo offline > /sys/devices/system/memoryXXX/state
echo dax0.0 > /sys/bus/dax/drivers/kmem/unbind
5. Create raw pmem0 device
ndctl create-namespace --mode raw -e namespace0.0 -f
6. Copy the state that was stored by apps to ramdisk to pmem device
7. Do kexec reboot or reboot through firmware if firmware does not
zero memory in pmem0 region (These machines have only regular
volatile memory). So to have pmem0 device either memmap kernel
parameter is used, or devices nodes in dtb are specified.
Pavel Tatashin (2):
device-dax: fix memory and resource leak if hotplug fails
device-dax: "Hotremove" persistent memory that is used like normal RAM
drivers/dax/dax-private.h | 2 +
drivers/dax/kmem.c | 99 +++++++++++++++++++++++++++++++++++++--
2 files changed, 96 insertions(+), 5 deletions(-)
--
2.21.0
10:54 a.m.
New subject: [v3 1/2] device-dax: fix memory and resource leak if hotplug fails
When add_memory() function fails, the resource and the memory should be
freed.
Fixes: c221c0b0308f ("device-dax: "Hotplug" persistent memory for use like
normal RAM")
Signed-off-by: Pavel Tatashin <pasha.tatashin(a)soleen.com>
---
drivers/dax/kmem.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/dax/kmem.c b/drivers/dax/kmem.c
index a02318c6d28a..4c0131857133 100644
--- a/drivers/dax/kmem.c
+++ b/drivers/dax/kmem.c
@@ -66,8 +66,11 @@ int dev_dax_kmem_probe(struct device *dev)
new_res->name = dev_name(dev);
rc = add_memory(numa_node, new_res->start, resource_size(new_res));
- if (rc)
+ if (rc) {
+ release_resource(new_res);
+ kfree(new_res);
return rc;
+ }
return 0;
}
--
2.21.0
11:32 a.m.
New subject: [v3 1/2] device-dax: fix memory and resource leak if hotplug fails
On 4/25/19 10:54 AM, Pavel Tatashin wrote:
rc = add_memory(numa_node, new_res->start,
resource_size(new_res));
- if (rc)
+ if (rc) {
+ release_resource(new_res);
+ kfree(new_res);
return rc;
+ }
Looks good to me:
Reviewed-by: Dave Hansen <dave.hansen(a)intel.com>
11:51 a.m.
New subject: [v3 1/2] device-dax: fix memory and resource leak if hotplug fails
On Thu, Apr 25, 2019 at 2:32 PM Dave Hansen <dave.hansen(a)intel.com> wrote:
On 4/25/19 10:54 AM, Pavel Tatashin wrote:
> rc = add_memory(numa_node, new_res->start, resource_size(new_res));
> - if (rc)
> + if (rc) {
> + release_resource(new_res);
> + kfree(new_res);
> return rc;
> + }
Looks good to me:
Reviewed-by: Dave Hansen <dave.hansen(a)intel.com>
Thank you Dave.
Pasha
10:54 a.m.
New subject: [v3 2/2] device-dax: "Hotremove" persistent memory that is used like normal RAM
It is now allowed to use persistent memory like a regular RAM, but
currently there is no way to remove this memory until machine is
rebooted.
This work expands the functionality to also allows hotremoving
previously hotplugged persistent memory, and recover the device for use
for other purposes.
To hotremove persistent memory, the management software must first
offline all memory blocks of dax region, and than unbind it from
device-dax/kmem driver. So, operations should look like this:
echo offline > echo offline > /sys/devices/system/memory/memoryN/state
...
echo dax0.0 > /sys/bus/dax/drivers/kmem/unbind
Note: if unbind is done without offlining memory beforehand, it won't be
possible to do dax0.0 hotremove, and dax's memory is going to be part of
System RAM until reboot.
Signed-off-by: Pavel Tatashin <pasha.tatashin(a)soleen.com>
---
drivers/dax/dax-private.h | 2 +
drivers/dax/kmem.c | 94 +++++++++++++++++++++++++++++++++++++--
2 files changed, 92 insertions(+), 4 deletions(-)
diff --git a/drivers/dax/dax-private.h b/drivers/dax/dax-private.h
index a45612148ca0..999aaf3a29b3 100644
--- a/drivers/dax/dax-private.h
+++ b/drivers/dax/dax-private.h
@@ -53,6 +53,7 @@ struct dax_region {
* @pgmap - pgmap for memmap setup / lifetime (driver owned)
* @ref: pgmap reference count (driver owned)
* @cmp: @ref final put completion (driver owned)
+ * @dax_mem_res: physical address range of hotadded DAX memory
*/
struct dev_dax {
struct dax_region *region;
@@ -62,6 +63,7 @@ struct dev_dax {
struct dev_pagemap pgmap;
struct percpu_ref ref;
struct completion cmp;
+ struct resource *dax_kmem_res;
};
static inline struct dev_dax *to_dev_dax(struct device *dev)
diff --git a/drivers/dax/kmem.c b/drivers/dax/kmem.c
index 4c0131857133..6f1640462df9 100644
--- a/drivers/dax/kmem.c
+++ b/drivers/dax/kmem.c
@@ -71,21 +71,107 @@ int dev_dax_kmem_probe(struct device *dev)
kfree(new_res);
return rc;
}
+ dev_dax->dax_kmem_res = new_res;
return 0;
}
+#ifdef CONFIG_MEMORY_HOTREMOVE
+/*
+ * Check that device-dax's memory_blocks are offline. If a memory_block is not
+ * offline a warning is printed and an error is returned. dax hotremove can
+ * succeed only when every memory_block is offlined beforehand.
+ */
+static int
+check_memblock_offlined_cb(struct memory_block *mem, void *arg)
+{
+ struct device *mem_dev = &mem->dev;
+ bool is_offline;
+
+ device_lock(mem_dev);
+ is_offline = mem_dev->offline;
+ device_unlock(mem_dev);
+
+ if (!is_offline) {
+ struct device *dev = (struct device *)arg;
+ unsigned long spfn = section_nr_to_pfn(mem->start_section_nr);
+ unsigned long epfn = section_nr_to_pfn(mem->end_section_nr);
+ phys_addr_t spa = spfn << PAGE_SHIFT;
+ phys_addr_t epa = epfn << PAGE_SHIFT;
+
+ dev_warn(dev, "memory block [%pa-%pa] is not offline\n",
+ &spa, &epa);
+
+ return -EBUSY;
+ }
+
+ return 0;
+}
+
+static int dev_dax_kmem_remove(struct device *dev)
+{
+ struct dev_dax *dev_dax = to_dev_dax(dev);
+ struct resource *res = dev_dax->dax_kmem_res;
+ resource_size_t kmem_start;
+ resource_size_t kmem_size;
+ unsigned long start_pfn;
+ unsigned long end_pfn;
+ int rc;
+
+ /*
+ * dax kmem resource does not exist, means memory was never hotplugged.
+ * So, nothing to do here.
+ */
+ if (!res)
+ return 0;
+
+ kmem_start = res->start;
+ kmem_size = resource_size(res);
+ start_pfn = kmem_start >> PAGE_SHIFT;
+ end_pfn = start_pfn + (kmem_size >> PAGE_SHIFT) - 1;
+
+ /*
+ * Walk and check that every singe memory_block of dax region is
+ * offline
+ */
+ lock_device_hotplug();
+ rc = walk_memory_range(start_pfn, end_pfn, dev,
+ check_memblock_offlined_cb);
+
+ /*
+ * If admin has not offlined memory beforehand, we cannot hotremove dax.
+ * Unfortunately, because unbind will still succeed there is no way for
+ * user to hotremove dax after this.
+ */
+ if (rc) {
+ unlock_device_hotplug();
+ return rc;
+ }
+
+ /* Hotremove memory, cannot fail because memory is already offlined */
+ __remove_memory(dev_dax->target_node, kmem_start, kmem_size);
+ unlock_device_hotplug();
+
+ /* Release and free dax resources */
+ release_resource(res);
+ kfree(res);
+ dev_dax->dax_kmem_res = NULL;
+
+ return 0;
+}
+#else
static int dev_dax_kmem_remove(struct device *dev)
{
/*
- * Purposely leak the request_mem_region() for the device-dax
- * range and return '0' to ->remove() attempts. The removal of
- * the device from the driver always succeeds, but the region
- * is permanently pinned as reserved by the unreleased
+ * Without hotremove purposely leak the request_mem_region() for the
+ * device-dax range and return '0' to ->remove() attempts. The removal
+ * of the device from the driver always succeeds, but the region is
+ * permanently pinned as reserved by the unreleased
* request_mem_region().
*/
return 0;
}
+#endif /* CONFIG_MEMORY_HOTREMOVE */
static struct dax_device_driver device_dax_kmem_driver = {
.drv = {
--
2.21.0
12:01 p.m.
New subject: [v3 2/2] device-dax: "Hotremove" persistent memory that is used like normal RAM
Hi Pavel,
Thanks for doing this! I knew we'd have to get to it eventually, but
sounds like you needed it sooner rather than later.
...
static inline struct dev_dax *to_dev_dax(struct device *dev)
diff --git a/drivers/dax/kmem.c b/drivers/dax/kmem.c
index 4c0131857133..6f1640462df9 100644
--- a/drivers/dax/kmem.c
+++ b/drivers/dax/kmem.c
@@ -71,21 +71,107 @@ int dev_dax_kmem_probe(struct device *dev)
kfree(new_res);
return rc;
}
+ dev_dax->dax_kmem_res = new_res;
return 0;
}
+#ifdef CONFIG_MEMORY_HOTREMOVE
Instead of this #ifdef, is there any downside to doing
if (!IS_ENABLED(CONFIG_MEMORY_HOTREMOVE)) {
/*
* Without hotremove, purposely leak ...
*/
return 0;
}
+/*
+ * Check that device-dax's memory_blocks are offline. If a memory_block is not
+ * offline a warning is printed and an error is returned. dax hotremove can
+ * succeed only when every memory_block is offlined beforehand.
+ */
I'd much rather see comments inline with the code than all piled at the
top of a function like this.
One thing that would be helpful, though, is a reminder about needing the
device hotplug lock.
+static int
+check_memblock_offlined_cb(struct memory_block *mem, void *arg)
+{
+ struct device *mem_dev = &mem->dev;
+ bool is_offline;
+
+ device_lock(mem_dev);
+ is_offline = mem_dev->offline;
+ device_unlock(mem_dev);
+
+ if (!is_offline) {
+ struct device *dev = (struct device *)arg;
The two devices confused me for a bit here. Seems worth a comment to
remind the reader what this device _is_ versus 'mem_dev'.
+ unsigned long spfn = section_nr_to_pfn(mem->start_section_nr);
+ unsigned long epfn = section_nr_to_pfn(mem->end_section_nr);
+ phys_addr_t spa = spfn << PAGE_SHIFT;
+ phys_addr_t epa = epfn << PAGE_SHIFT;
+
+ dev_warn(dev, "memory block [%pa-%pa] is not offline\n",
+ &spa, &epa);
I thought we had a magic resource printk %something. Could we just
print one of the device resources here to save all the section/pfn/paddr
calculations?
Also, should we consider a slightly scarier message? This path has a
permanent, user-visible effect (we can never try to unbind again).
+ return -EBUSY;
+ }
+
+ return 0;
+}
Even though they're static, I'd prefer that we not create two versions
of check_memblock_offlined_cb() in the kernel. Can we give this a
better, non-conflicting name?
+static int dev_dax_kmem_remove(struct device *dev)
+{
+ struct dev_dax *dev_dax = to_dev_dax(dev);
+ struct resource *res = dev_dax->dax_kmem_res;
+ resource_size_t kmem_start;
+ resource_size_t kmem_size;
+ unsigned long start_pfn;
+ unsigned long end_pfn;
+ int rc;
+
+ /*
+ * dax kmem resource does not exist, means memory was never hotplugged.
+ * So, nothing to do here.
+ */
+ if (!res)
+ return 0;
How could that happen? I can't think of any obvious scenarios.
+ kmem_start = res->start;
+ kmem_size = resource_size(res);
+ start_pfn = kmem_start >> PAGE_SHIFT;
+ end_pfn = start_pfn + (kmem_size >> PAGE_SHIFT) - 1;
+
+ /*
+ * Walk and check that every singe memory_block of dax region is
+ * offline
+ */
+ lock_device_hotplug();
+ rc = walk_memory_range(start_pfn, end_pfn, dev,
+ check_memblock_offlined_cb);
Does lock_device_hotplug() also lock memory online/offline? Otherwise,
isn't this offline check racy? If not, can you please spell that out in
a comment?
Also, could you compare this a bit to the walk_memory_range() use in
__remove_memory()? Why do we need two walks looking for offline blocks?
1:21 p.m.
New subject: [v3 2/2] device-dax: "Hotremove" persistent memory that is used like normal RAM
On Thu, Apr 25, 2019 at 3:01 PM Dave Hansen <dave.hansen(a)intel.com> wrote:
Hi Pavel,
Thanks for doing this! I knew we'd have to get to it eventually, but
sounds like you needed it sooner rather than later.
Hi Dave,
Thank you for taking time reviewing this work, my comments below:
>
> +#ifdef CONFIG_MEMORY_HOTREMOVE
Instead of this #ifdef, is there any downside to doing
if (!IS_ENABLED(CONFIG_MEMORY_HOTREMOVE)) {
/*
* Without hotremove, purposely leak ...
*/
return 0;
}
Your method relies that compiler will optimize out all the code that
is not needed, and that dependencies such as __remove_memory() have
empty stubs. So, I prefer that way it is currently implemented.
> +/*
> + * Check that device-dax's memory_blocks are offline. If a memory_block is not
> + * offline a warning is printed and an error is returned. dax hotremove can
> + * succeed only when every memory_block is offlined beforehand.
> + */
I'd much rather see comments inline with the code than all piled at the
top of a function like this.
OK
One thing that would be helpful, though, is a reminder about needing the
device hotplug lock.
OK
> +static int
> +check_memblock_offlined_cb(struct memory_block *mem, void *arg)
> +{
> + struct device *mem_dev = &mem->dev;
> + bool is_offline;
> +
> + device_lock(mem_dev);
> + is_offline = mem_dev->offline;
> + device_unlock(mem_dev);
> +
> + if (!is_offline) {
> + struct device *dev = (struct device *)arg;
The two devices confused me for a bit here. Seems worth a comment to
remind the reader what this device _is_ versus 'mem_dev'.
OK
> + unsigned long spfn = section_nr_to_pfn(mem->start_section_nr);
> + unsigned long epfn = section_nr_to_pfn(mem->end_section_nr);
> + phys_addr_t spa = spfn << PAGE_SHIFT;
> + phys_addr_t epa = epfn << PAGE_SHIFT;
> +
> + dev_warn(dev, "memory block [%pa-%pa] is not offline\n",
> + &spa, &epa);
I thought we had a magic resource printk %something. Could we just
print one of the device resources here to save all the section/pfn/paddr
calculations?
There is no resource for each memory block device, only for system
ram. Since here we inform admin about a particular memory block that
is not offlined, I do not see how to do it differently.
Also, should we consider a slightly scarier message? This path has a
permanent, user-visible effect (we can never try to unbind again).
hm, how about:
dev_err(
"DAX region %pR cannot be hotremoved until next reboot because memory
block [%pa-%pa] is not offline"
)
> + return -EBUSY;
> + }
> +
> + return 0;
> +}
Even though they're static, I'd prefer that we not create two versions
of check_memblock_offlined_cb() in the kernel. Can we give this a
better, non-conflicting name?
how about check_devdax_mem_offlined_cb ?
> +static int dev_dax_kmem_remove(struct device *dev)
> +{
> + struct dev_dax *dev_dax = to_dev_dax(dev);
> + struct resource *res = dev_dax->dax_kmem_res;
> + resource_size_t kmem_start;
> + resource_size_t kmem_size;
> + unsigned long start_pfn;
> + unsigned long end_pfn;
> + int rc;
> +
> + /*
> + * dax kmem resource does not exist, means memory was never hotplugged.
> + * So, nothing to do here.
> + */
> + if (!res)
> + return 0;
How could that happen? I can't think of any obvious scenarios.
Yes, I do not think this is possible. I can remove this check. Just
feels safer to have it though.
> + kmem_start = res->start;
> + kmem_size = resource_size(res);
> + start_pfn = kmem_start >> PAGE_SHIFT;
> + end_pfn = start_pfn + (kmem_size >> PAGE_SHIFT) - 1;
> +
> + /*
> + * Walk and check that every singe memory_block of dax region is
> + * offline
> + */
> + lock_device_hotplug();
> + rc = walk_memory_range(start_pfn, end_pfn, dev,
> + check_memblock_offlined_cb);
Does lock_device_hotplug() also lock memory online/offline? Otherwise,
isn't this offline check racy? If not, can you please spell that out in
a comment?
Yes, it locks memory online/offline via sysfs: online_store(), as that
one also takes this lock lock_device_hotplug(). If someone else wants
to offline/online the memory they also need to take this lock.
Also, could you compare this a bit to the walk_memory_range() use in
__remove_memory()? Why do we need two walks looking for offline blocks?
It is basically doing the same thing, but I do not really see a way
around this. Because __remove_memory() assumes that pages are
offlined, checks, and panics if they are not. Here, we do not panic,
but inform admin of consequences.
Thank you,
Pasha
1204
days inactive
1204
days old
6 comments
3 participants
participants (3)
-
Dave Hansen -
Pavel Tatashin -
Pavel Tatashin