| Message ID | 20240620184856.600717-1-jiaqiyan@google.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Userspace controls soft-offline pages | expand |
Jiaqi Yan <jiaqiyan@google.com> writes: > Correctable memory errors are very common on servers with large > amount of memory, and are corrected by ECC, but with two > pain points to users: > 1. Correction usually happens on the fly and adds latency overhead > 2. Not-fully-proved theory states excessive correctable memory > errors can develop into uncorrectable memory error. This patchkit is amusing (or maybe sad) because it basically tries to reconstruct the original soft offline design using a user space daemon instead of doing policy badly in the kernel. You can still have it by enabling CONFIG_X86_MCELOG_LEGACY and use http://www.mcelog.org or an equivalent daemon of your chosing that listens to /dev/mcelog. -Andi
Thanks for your comment, Andi. On Thu, Jun 20, 2024 at 3:53 PM Andi Kleen <ak@linux.intel.com> wrote: > > Jiaqi Yan <jiaqiyan@google.com> writes: > > > Correctable memory errors are very common on servers with large > > amount of memory, and are corrected by ECC, but with two > > pain points to users: > > 1. Correction usually happens on the fly and adds latency overhead > > 2. Not-fully-proved theory states excessive correctable memory > > errors can develop into uncorrectable memory error. > > This patchkit is amusing (or maybe sad) because it basically tries to > reconstruct the original soft offline design using a user space daemon > instead of doing policy badly in the kernel. Some clarifications. I don't intend to reconstruct. I think this patchset can also be treated as "patch some missing places so that kernel doesn't soft offline behind the back of userspace daemon". I agree with you (IIUC) that the policy for corrected memory errors should exist in userspace. But the situation is that some behaviors in the kernel don't respect that (they either have a reason to not respect, or just forget to respect). enable_soft_offline is basically the big button in userspace to block these kernel violators. > > You can still have it by enabling CONFIG_X86_MCELOG_LEGACY and > use http://www.mcelog.org or an equivalent daemon of your chosing > that listens to /dev/mcelog. If I didn't miss anything important in https://github.com/andikleen/mcelog and arch/x86/kernel/cpu/mce/dev-mcelog.c, I don't think /dev/mcelog works on ARM platforms where CPER is used to convey hw errors from platform to OS. In addition, again taking an ARM platform as an example, I don't think any userspace daemon has the way to stop the GHES driver from soft offlining memory pages: https://github.com/torvalds/linux/blob/master/drivers/acpi/apei/ghes.c#L521. But of course it is not a problem if userspace always wants soft offline to happen. > > -Andi > >
On Fri, Jun 21, 2024 at 04:53:41PM -0700, Jiaqi Yan wrote: > Thanks for your comment, Andi. > > On Thu, Jun 20, 2024 at 3:53 PM Andi Kleen <ak@linux.intel.com> wrote: > > > > Jiaqi Yan <jiaqiyan@google.com> writes: > > > > > Correctable memory errors are very common on servers with large > > > amount of memory, and are corrected by ECC, but with two > > > pain points to users: > > > 1. Correction usually happens on the fly and adds latency overhead > > > 2. Not-fully-proved theory states excessive correctable memory > > > errors can develop into uncorrectable memory error. > > > > This patchkit is amusing (or maybe sad) because it basically tries to > > reconstruct the original soft offline design using a user space daemon > > instead of doing policy badly in the kernel. > > Some clarifications. I don't intend to reconstruct. I think this > patchset can also be treated as "patch some missing places so that > kernel doesn't soft offline behind the back of userspace daemon". > I agree with you (IIUC) that the policy for corrected memory errors > should exist in userspace. But the situation is that some behaviors in > the kernel don't respect that (they either have a reason to not > respect, or just forget to respect). enable_soft_offline is basically > the big button in userspace to block these kernel violators. It would be better to disable them earlier before they waste work tracking things unnecessarily. But yes it's a step in the right direction. > > > > > You can still have it by enabling CONFIG_X86_MCELOG_LEGACY and > > use http://www.mcelog.org or an equivalent daemon of your chosing > > that listens to /dev/mcelog. > > If I didn't miss anything important in > https://github.com/andikleen/mcelog and > arch/x86/kernel/cpu/mce/dev-mcelog.c, I don't think /dev/mcelog works > on ARM platforms where CPER is used to convey hw errors from platform > to OS. Yes or not on AMD even. -Andi
Correctable memory errors are very common on servers with large amount of memory, and are corrected by ECC, but with two pain points to users: 1. Correction usually happens on the fly and adds latency overhead 2. Not-fully-proved theory states excessive correctable memory errors can develop into uncorrectable memory error. Soft offline is kernel's additional solution for memory pages having (excessive) corrected memory errors. Impacted page is migrated to healthy page if it is in use, then the original page is discarded for any future use. The actual policy on whether (and when) to soft offline should be maintained by userspace, especially in case of an 1G HugeTLB page. Soft-offline dissolves the HugeTLB page, either in-use or free, into chunks of 4K pages, reducing HugeTLB pool capacity by 1 hugepage. If userspace has not acknowledged such behavior, it may be surprised when later mmap hugepages MAP_FAILED due to lack of hugepages. In case of a transparent hugepage, it will be split into 4K pages as well; userspace will stop enjoying the transparent performance. In addition, discarding the entire 1G HugeTLB page only because of corrected memory errors sounds very costly and kernel better not doing under the hood. But today there are at least 2 such cases: 1. GHES driver sees both GHES_SEV_CORRECTED and CPER_SEC_ERROR_THRESHOLD_EXCEEDED after parsing CPER. 2. RAS Correctable Errors Collector counts correctable errors per PFN and when the counter for a PFN reaches threshold In both cases, userspace has no control of the soft offline performed by kernel's memory failure recovery. This patch series give userspace the control of softofflining any page: kernel only soft offlines raw page / transparent hugepage / HugeTLB hugepage if userspace has agreed to. The interface to userspace is a new sysctl called enable_soft_offline under /proc/sys/vm. By default enable_soft_line is 1 to preserve existing behavior in kernel. Changelog v3 => v4: * incorporate feedbacks from Miaohe Lin <linmiaohe@huawei.com>, Andrew Morton <akpm@linux-foundation.org>, and Oscar Salvador <osalvador@suse.de>. * insert a refactor commit to unify soft offline's logs to follow "Soft offline: 0x${pfn}: ${message}" format. * some rewords in document: fail => will not perform. * v4 is still based on commit 83a7eefedc9b ("Linux 6.10-rc3"), akpm/mm-stable. v2 => v3: * incorporate feedbacks from Miaohe Lin <linmiaohe@huawei.com>, Lance Yang <ioworker0@gmail.com>, Oscar Salvador <osalvador@suse.de>, and David Rientjes <rientjes@google.com>. * release potential refcount if enable_soft_offline is 0. * soft_offline_page() returns EOPNOTSUPP if enable_soft_offline is 0. * refactor hugetlb-soft-offline.c, for example, introduce test_soft_offline_common to reduce repeated code. * rewrite enable_soft_offline's documentation, adds more details about the cost of soft-offline for transparent and hugetlb hugepages, and components that are impacted when enable_soft_offline becomes 0. * fix typos in commit messages. * v3 is still based on commit 83a7eefedc9b ("Linux 6.10-rc3"). v1 => v2: * incorporate feedbacks from both Miaohe Lin <linmiaohe@huawei.com> and Jane Chu <jane.chu@oracle.com>. * make the switch to control all pages, instead of HugeTLB specific. * change the API from /sys/kernel/mm/hugepages/hugepages-${size}kB/softoffline_corrected_errors to /proc/sys/vm/enable_soft_offline. * minor update to test code. * update documentation of the user control API. * v2 is based on commit 83a7eefedc9b ("Linux 6.10-rc3"). Jiaqi Yan (4): mm/memory-failure: refactor log format in soft offline code mm/memory-failure: userspace controls soft-offlining pages selftest/mm: test enable_soft_offline behaviors docs: mm: add enable_soft_offline sysctl Documentation/admin-guide/sysctl/vm.rst | 32 +++ mm/memory-failure.c | 38 ++- tools/testing/selftests/mm/.gitignore | 1 + tools/testing/selftests/mm/Makefile | 1 + .../selftests/mm/hugetlb-soft-offline.c | 229 ++++++++++++++++++ tools/testing/selftests/mm/run_vmtests.sh | 4 + 6 files changed, 297 insertions(+), 8 deletions(-) create mode 100644 tools/testing/selftests/mm/hugetlb-soft-offline.c