blob: a14c2938e7af3c5b18da3661fdcc31c75e695ce9 [file] [log] [blame]
Ralph Campbell50aab9b2020-09-02 15:52:47 -07001.. _hmm:
Mike Rapoportaa9f34e2018-03-21 21:22:22 +02002
3=====================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -07004Heterogeneous Memory Management (HMM)
Mike Rapoportaa9f34e2018-03-21 21:22:22 +02005=====================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -07006
Jérôme Glissee8eddfd2018-04-10 16:29:16 -07007Provide infrastructure and helpers to integrate non-conventional memory (device
8memory like GPU on board memory) into regular kernel path, with the cornerstone
9of this being specialized struct page for such memory (see sections 5 to 7 of
10this document).
Jérôme Glissebffc33e2017-09-08 16:11:19 -070011
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070012HMM also provides optional helpers for SVM (Share Virtual Memory), i.e.,
Ralph Campbell2076e5c2019-05-06 16:29:38 -070013allowing a device to transparently access program addresses coherently with
Jonathan Corbet24844fd2018-04-16 14:25:08 -060014the CPU meaning that any valid pointer on the CPU is also a valid pointer
15for the device. This is becoming mandatory to simplify the use of advanced
16heterogeneous computing where GPU, DSP, or FPGA are used to perform various
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070017computations on behalf of a process.
Ralph Campbell76ea4702018-04-10 16:28:11 -070018
19This document is divided as follows: in the first section I expose the problems
20related to using device specific memory allocators. In the second section, I
21expose the hardware limitations that are inherent to many platforms. The third
22section gives an overview of the HMM design. The fourth section explains how
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070023CPU page-table mirroring works and the purpose of HMM in this context. The
Ralph Campbell76ea4702018-04-10 16:28:11 -070024fifth section deals with how device memory is represented inside the kernel.
Ralph Campbell2076e5c2019-05-06 16:29:38 -070025Finally, the last section presents a new migration helper that allows
26leveraging the device DMA engine.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070027
Mike Rapoportaa9f34e2018-03-21 21:22:22 +020028.. contents:: :local:
Jérôme Glissebffc33e2017-09-08 16:11:19 -070029
Jonathan Corbet24844fd2018-04-16 14:25:08 -060030Problems of using a device specific memory allocator
31====================================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -070032
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070033Devices with a large amount of on board memory (several gigabytes) like GPUs
Ralph Campbell76ea4702018-04-10 16:28:11 -070034have historically managed their memory through dedicated driver specific APIs.
35This creates a disconnect between memory allocated and managed by a device
36driver and regular application memory (private anonymous, shared memory, or
37regular file backed memory). From here on I will refer to this aspect as split
38address space. I use shared address space to refer to the opposite situation:
39i.e., one in which any application memory region can be used by a device
40transparently.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070041
Ralph Campbell2076e5c2019-05-06 16:29:38 -070042Split address space happens because devices can only access memory allocated
43through a device specific API. This implies that all memory objects in a program
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070044are not equal from the device point of view which complicates large programs
45that rely on a wide set of libraries.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070046
Ralph Campbell2076e5c2019-05-06 16:29:38 -070047Concretely, this means that code that wants to leverage devices like GPUs needs
48to copy objects between generically allocated memory (malloc, mmap private, mmap
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070049share) and memory allocated through the device driver API (this still ends up
50with an mmap but of the device file).
Jérôme Glissebffc33e2017-09-08 16:11:19 -070051
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070052For flat data sets (array, grid, image, ...) this isn't too hard to achieve but
Ralph Campbell2076e5c2019-05-06 16:29:38 -070053for complex data sets (list, tree, ...) it's hard to get right. Duplicating a
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070054complex data set needs to re-map all the pointer relations between each of its
Ralph Campbell2076e5c2019-05-06 16:29:38 -070055elements. This is error prone and programs get harder to debug because of the
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070056duplicate data set and addresses.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070057
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070058Split address space also means that libraries cannot transparently use data
Ralph Campbell76ea4702018-04-10 16:28:11 -070059they are getting from the core program or another library and thus each library
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070060might have to duplicate its input data set using the device specific memory
Ralph Campbell76ea4702018-04-10 16:28:11 -070061allocator. Large projects suffer from this and waste resources because of the
62various memory copies.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070063
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070064Duplicating each library API to accept as input or output memory allocated by
Jérôme Glissebffc33e2017-09-08 16:11:19 -070065each device specific allocator is not a viable option. It would lead to a
Ralph Campbell76ea4702018-04-10 16:28:11 -070066combinatorial explosion in the library entry points.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070067
Ralph Campbell76ea4702018-04-10 16:28:11 -070068Finally, with the advance of high level language constructs (in C++ but in
69other languages too) it is now possible for the compiler to leverage GPUs and
70other devices without programmer knowledge. Some compiler identified patterns
71are only do-able with a shared address space. It is also more reasonable to use
72a shared address space for all other patterns.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070073
74
Jonathan Corbet24844fd2018-04-16 14:25:08 -060075I/O bus, device memory characteristics
76======================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -070077
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070078I/O buses cripple shared address spaces due to a few limitations. Most I/O
79buses only allow basic memory access from device to main memory; even cache
Ralph Campbell2076e5c2019-05-06 16:29:38 -070080coherency is often optional. Access to device memory from a CPU is even more
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070081limited. More often than not, it is not cache coherent.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070082
Ralph Campbell76ea4702018-04-10 16:28:11 -070083If we only consider the PCIE bus, then a device can access main memory (often
84through an IOMMU) and be cache coherent with the CPUs. However, it only allows
Ralph Campbell2076e5c2019-05-06 16:29:38 -070085a limited set of atomic operations from the device on main memory. This is worse
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070086in the other direction: the CPU can only access a limited range of the device
87memory and cannot perform atomic operations on it. Thus device memory cannot
Ralph Campbell76ea4702018-04-10 16:28:11 -070088be considered the same as regular memory from the kernel point of view.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070089
90Another crippling factor is the limited bandwidth (~32GBytes/s with PCIE 4.0
Ralph Campbell76ea4702018-04-10 16:28:11 -070091and 16 lanes). This is 33 times less than the fastest GPU memory (1 TBytes/s).
92The final limitation is latency. Access to main memory from the device has an
93order of magnitude higher latency than when the device accesses its own memory.
Jérôme Glissebffc33e2017-09-08 16:11:19 -070094
Ralph Campbell76ea4702018-04-10 16:28:11 -070095Some platforms are developing new I/O buses or additions/modifications to PCIE
Ralph Campbell2076e5c2019-05-06 16:29:38 -070096to address some of these limitations (OpenCAPI, CCIX). They mainly allow
97two-way cache coherency between CPU and device and allow all atomic operations the
Jérôme Glissee8eddfd2018-04-10 16:29:16 -070098architecture supports. Sadly, not all platforms are following this trend and
Ralph Campbell76ea4702018-04-10 16:28:11 -070099some major architectures are left without hardware solutions to these problems.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700100
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700101So for shared address space to make sense, not only must we allow devices to
102access any memory but we must also permit any memory to be migrated to device
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700103memory while the device is using it (blocking CPU access while it happens).
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700104
105
Jonathan Corbet24844fd2018-04-16 14:25:08 -0600106Shared address space and migration
107==================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700108
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700109HMM intends to provide two main features. The first one is to share the address
Ralph Campbell76ea4702018-04-10 16:28:11 -0700110space by duplicating the CPU page table in the device page table so the same
111address points to the same physical memory for any valid main memory address in
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700112the process address space.
113
Ralph Campbell76ea4702018-04-10 16:28:11 -0700114To achieve this, HMM offers a set of helpers to populate the device page table
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700115while keeping track of CPU page table updates. Device page table updates are
Ralph Campbell76ea4702018-04-10 16:28:11 -0700116not as easy as CPU page table updates. To update the device page table, you must
117allocate a buffer (or use a pool of pre-allocated buffers) and write GPU
118specific commands in it to perform the update (unmap, cache invalidations, and
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700119flush, ...). This cannot be done through common code for all devices. Hence
Ralph Campbell76ea4702018-04-10 16:28:11 -0700120why HMM provides helpers to factor out everything that can be while leaving the
121hardware specific details to the device driver.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700122
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700123The second mechanism HMM provides is a new kind of ZONE_DEVICE memory that
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700124allows allocating a struct page for each page of device memory. Those pages
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700125are special because the CPU cannot map them. However, they allow migrating
Ralph Campbell76ea4702018-04-10 16:28:11 -0700126main memory to device memory using existing migration mechanisms and everything
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700127looks like a page that is swapped out to disk from the CPU point of view. Using a
128struct page gives the easiest and cleanest integration with existing mm
129mechanisms. Here again, HMM only provides helpers, first to hotplug new ZONE_DEVICE
Ralph Campbell76ea4702018-04-10 16:28:11 -0700130memory for the device memory and second to perform migration. Policy decisions
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700131of what and when to migrate is left to the device driver.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700132
Ralph Campbell76ea4702018-04-10 16:28:11 -0700133Note that any CPU access to a device page triggers a page fault and a migration
134back to main memory. For example, when a page backing a given CPU address A is
135migrated from a main memory page to a device page, then any CPU access to
136address A triggers a page fault and initiates a migration back to main memory.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700137
Ralph Campbell76ea4702018-04-10 16:28:11 -0700138With these two features, HMM not only allows a device to mirror process address
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700139space and keeps both CPU and device page tables synchronized, but also
140leverages device memory by migrating the part of the data set that is actively being
Ralph Campbell76ea4702018-04-10 16:28:11 -0700141used by the device.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700142
143
Mike Rapoportaa9f34e2018-03-21 21:22:22 +0200144Address space mirroring implementation and API
145==============================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700146
Ralph Campbell76ea4702018-04-10 16:28:11 -0700147Address space mirroring's main objective is to allow duplication of a range of
148CPU page table into a device page table; HMM helps keep both synchronized. A
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700149device driver that wants to mirror a process address space must start with the
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400150registration of a mmu_interval_notifier::
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700151
Jason Gunthorpe5292e242020-01-14 11:29:52 -0400152 int mmu_interval_notifier_insert(struct mmu_interval_notifier *interval_sub,
153 struct mm_struct *mm, unsigned long start,
154 unsigned long length,
155 const struct mmu_interval_notifier_ops *ops);
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700156
Jason Gunthorpe5292e242020-01-14 11:29:52 -0400157During the ops->invalidate() callback the device driver must perform the
158update action to the range (mark range read only, or fully unmap, etc.). The
159device must complete the update before the driver callback returns.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700160
Ralph Campbell76ea4702018-04-10 16:28:11 -0700161When the device driver wants to populate a range of virtual addresses, it can
Christoph Hellwigd45d4642019-07-25 17:56:47 -0700162use::
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700163
Jason Gunthorpebe957c82020-05-01 15:20:45 -0300164 int hmm_range_fault(struct hmm_range *range);
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700165
Jason Gunthorpe6bfef2f2020-03-27 17:00:16 -0300166It will trigger a page fault on missing or read-only entries if write access is
167requested (see below). Page faults use the generic mm page fault code path just
168like a CPU page fault.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700169
Ralph Campbell76ea4702018-04-10 16:28:11 -0700170Both functions copy CPU page table entries into their pfns array argument. Each
171entry in that array corresponds to an address in the virtual range. HMM
172provides a set of flags to help the driver identify special CPU page table
173entries.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700174
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700175Locking within the sync_cpu_device_pagetables() callback is the most important
176aspect the driver must respect in order to keep things properly synchronized.
177The usage pattern is::
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700178
179 int driver_populate_range(...)
180 {
181 struct hmm_range range;
182 ...
Jérôme Glisse25f23a02019-05-13 17:19:55 -0700183
Jason Gunthorpe5292e242020-01-14 11:29:52 -0400184 range.notifier = &interval_sub;
Jérôme Glisse25f23a02019-05-13 17:19:55 -0700185 range.start = ...;
186 range.end = ...;
Jason Gunthorpe2733ea12020-05-01 15:20:48 -0300187 range.hmm_pfns = ...;
Jérôme Glissea3e0d412019-05-13 17:20:01 -0700188
Jason Gunthorpe5292e242020-01-14 11:29:52 -0400189 if (!mmget_not_zero(interval_sub->notifier.mm))
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400190 return -EFAULT;
Jérôme Glisse25f23a02019-05-13 17:19:55 -0700191
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700192 again:
Jason Gunthorpe5292e242020-01-14 11:29:52 -0400193 range.notifier_seq = mmu_interval_read_begin(&interval_sub);
Michel Lespinasse3e4e28c2020-06-08 21:33:51 -0700194 mmap_read_lock(mm);
Jason Gunthorpe6bfef2f2020-03-27 17:00:16 -0300195 ret = hmm_range_fault(&range);
Jérôme Glisse25f23a02019-05-13 17:19:55 -0700196 if (ret) {
Michel Lespinasse3e4e28c2020-06-08 21:33:51 -0700197 mmap_read_unlock(mm);
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400198 if (ret == -EBUSY)
199 goto again;
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700200 return ret;
Jérôme Glisse25f23a02019-05-13 17:19:55 -0700201 }
Michel Lespinasse3e4e28c2020-06-08 21:33:51 -0700202 mmap_read_unlock(mm);
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400203
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700204 take_lock(driver->update);
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400205 if (mmu_interval_read_retry(&ni, range.notifier_seq) {
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700206 release_lock(driver->update);
207 goto again;
208 }
209
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400210 /* Use pfns array content to update device page table,
211 * under the update lock */
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700212
213 release_lock(driver->update);
214 return 0;
215 }
216
Ralph Campbell76ea4702018-04-10 16:28:11 -0700217The driver->update lock is the same lock that the driver takes inside its
Jason Gunthorpea22dd502019-11-12 16:22:30 -0400218invalidate() callback. That lock must be held before calling
219mmu_interval_read_retry() to avoid any race with a concurrent CPU page table
220update.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700221
Jérôme Glisse023a0192019-05-13 17:20:05 -0700222Leverage default_flags and pfn_flags_mask
223=========================================
224
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700225The hmm_range struct has 2 fields, default_flags and pfn_flags_mask, that specify
226fault or snapshot policy for the whole range instead of having to set them
227for each entry in the pfns array.
Jérôme Glisse023a0192019-05-13 17:20:05 -0700228
Jason Gunthorpe2733ea12020-05-01 15:20:48 -0300229For instance if the device driver wants pages for a range with at least read
230permission, it sets::
Jérôme Glisse023a0192019-05-13 17:20:05 -0700231
Jason Gunthorpe2733ea12020-05-01 15:20:48 -0300232 range->default_flags = HMM_PFN_REQ_FAULT;
Jérôme Glisse023a0192019-05-13 17:20:05 -0700233 range->pfn_flags_mask = 0;
234
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700235and calls hmm_range_fault() as described above. This will fill fault all pages
Jérôme Glisse023a0192019-05-13 17:20:05 -0700236in the range with at least read permission.
237
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700238Now let's say the driver wants to do the same except for one page in the range for
239which it wants to have write permission. Now driver set::
Randy Dunlap91173c62019-05-31 22:29:57 -0700240
Jason Gunthorpe2733ea12020-05-01 15:20:48 -0300241 range->default_flags = HMM_PFN_REQ_FAULT;
242 range->pfn_flags_mask = HMM_PFN_REQ_WRITE;
243 range->pfns[index_of_write] = HMM_PFN_REQ_WRITE;
Jérôme Glisse023a0192019-05-13 17:20:05 -0700244
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700245With this, HMM will fault in all pages with at least read (i.e., valid) and for the
Jérôme Glisse023a0192019-05-13 17:20:05 -0700246address == range->start + (index_of_write << PAGE_SHIFT) it will fault with
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700247write permission i.e., if the CPU pte does not have write permission set then HMM
Jérôme Glisse023a0192019-05-13 17:20:05 -0700248will call handle_mm_fault().
249
Jason Gunthorpe2733ea12020-05-01 15:20:48 -0300250After hmm_range_fault completes the flag bits are set to the current state of
251the page tables, ie HMM_PFN_VALID | HMM_PFN_WRITE will be set if the page is
252writable.
Jérôme Glisse023a0192019-05-13 17:20:05 -0700253
254
Mike Rapoportaa9f34e2018-03-21 21:22:22 +0200255Represent and manage device memory from core kernel point of view
256=================================================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700257
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700258Several different designs were tried to support device memory. The first one
259used a device specific data structure to keep information about migrated memory
260and HMM hooked itself in various places of mm code to handle any access to
Ralph Campbell76ea4702018-04-10 16:28:11 -0700261addresses that were backed by device memory. It turns out that this ended up
262replicating most of the fields of struct page and also needed many kernel code
263paths to be updated to understand this new kind of memory.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700264
Ralph Campbell76ea4702018-04-10 16:28:11 -0700265Most kernel code paths never try to access the memory behind a page
266but only care about struct page contents. Because of this, HMM switched to
267directly using struct page for device memory which left most kernel code paths
268unaware of the difference. We only need to make sure that no one ever tries to
269map those pages from the CPU side.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700270
Jonathan Corbet24844fd2018-04-16 14:25:08 -0600271Migration to and from device memory
272===================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700273
Ralph Campbellf7ebd9e2020-09-09 14:29:56 -0700274Because the CPU cannot access device memory directly, the device driver must
275use hardware DMA or device specific load/store instructions to migrate data.
276The migrate_vma_setup(), migrate_vma_pages(), and migrate_vma_finalize()
277functions are designed to make drivers easier to write and to centralize common
278code across drivers.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700279
Ralph Campbellf7ebd9e2020-09-09 14:29:56 -0700280Before migrating pages to device private memory, special device private
281``struct page`` need to be created. These will be used as special "swap"
282page table entries so that a CPU process will fault if it tries to access
283a page that has been migrated to device private memory.
284
285These can be allocated and freed with::
286
287 struct resource *res;
288 struct dev_pagemap pagemap;
289
290 res = request_free_mem_region(&iomem_resource, /* number of bytes */,
291 "name of driver resource");
292 pagemap.type = MEMORY_DEVICE_PRIVATE;
293 pagemap.range.start = res->start;
294 pagemap.range.end = res->end;
295 pagemap.nr_range = 1;
296 pagemap.ops = &device_devmem_ops;
297 memremap_pages(&pagemap, numa_node_id());
298
299 memunmap_pages(&pagemap);
300 release_mem_region(pagemap.range.start, range_len(&pagemap.range));
301
302There are also devm_request_free_mem_region(), devm_memremap_pages(),
303devm_memunmap_pages(), and devm_release_mem_region() when the resources can
304be tied to a ``struct device``.
305
306The overall migration steps are similar to migrating NUMA pages within system
307memory (see :ref:`Page migration <page_migration>`) but the steps are split
308between device driver specific code and shared common code:
309
3101. ``mmap_read_lock()``
311
312 The device driver has to pass a ``struct vm_area_struct`` to
313 migrate_vma_setup() so the mmap_read_lock() or mmap_write_lock() needs to
314 be held for the duration of the migration.
315
3162. ``migrate_vma_setup(struct migrate_vma *args)``
317
318 The device driver initializes the ``struct migrate_vma`` fields and passes
319 the pointer to migrate_vma_setup(). The ``args->flags`` field is used to
320 filter which source pages should be migrated. For example, setting
321 ``MIGRATE_VMA_SELECT_SYSTEM`` will only migrate system memory and
322 ``MIGRATE_VMA_SELECT_DEVICE_PRIVATE`` will only migrate pages residing in
323 device private memory. If the latter flag is set, the ``args->pgmap_owner``
324 field is used to identify device private pages owned by the driver. This
325 avoids trying to migrate device private pages residing in other devices.
326 Currently only anonymous private VMA ranges can be migrated to or from
327 system memory and device private memory.
328
329 One of the first steps migrate_vma_setup() does is to invalidate other
330 device's MMUs with the ``mmu_notifier_invalidate_range_start(()`` and
331 ``mmu_notifier_invalidate_range_end()`` calls around the page table
332 walks to fill in the ``args->src`` array with PFNs to be migrated.
333 The ``invalidate_range_start()`` callback is passed a
334 ``struct mmu_notifier_range`` with the ``event`` field set to
Alistair Popple6b49bf62021-06-30 18:54:19 -0700335 ``MMU_NOTIFY_MIGRATE`` and the ``owner`` field set to
Ralph Campbellf7ebd9e2020-09-09 14:29:56 -0700336 the ``args->pgmap_owner`` field passed to migrate_vma_setup(). This is
337 allows the device driver to skip the invalidation callback and only
338 invalidate device private MMU mappings that are actually migrating.
339 This is explained more in the next section.
340
341 While walking the page tables, a ``pte_none()`` or ``is_zero_pfn()``
342 entry results in a valid "zero" PFN stored in the ``args->src`` array.
343 This lets the driver allocate device private memory and clear it instead
344 of copying a page of zeros. Valid PTE entries to system memory or
345 device private struct pages will be locked with ``lock_page()``, isolated
346 from the LRU (if system memory since device private pages are not on
347 the LRU), unmapped from the process, and a special migration PTE is
348 inserted in place of the original PTE.
349 migrate_vma_setup() also clears the ``args->dst`` array.
350
3513. The device driver allocates destination pages and copies source pages to
352 destination pages.
353
354 The driver checks each ``src`` entry to see if the ``MIGRATE_PFN_MIGRATE``
355 bit is set and skips entries that are not migrating. The device driver
356 can also choose to skip migrating a page by not filling in the ``dst``
357 array for that page.
358
359 The driver then allocates either a device private struct page or a
360 system memory page, locks the page with ``lock_page()``, and fills in the
361 ``dst`` array entry with::
362
Mauro Carvalho Chehabf910ce52020-09-17 13:29:25 +0200363 dst[i] = migrate_pfn(page_to_pfn(dpage)) | MIGRATE_PFN_LOCKED;
Ralph Campbellf7ebd9e2020-09-09 14:29:56 -0700364
365 Now that the driver knows that this page is being migrated, it can
366 invalidate device private MMU mappings and copy device private memory
367 to system memory or another device private page. The core Linux kernel
368 handles CPU page table invalidations so the device driver only has to
369 invalidate its own MMU mappings.
370
371 The driver can use ``migrate_pfn_to_page(src[i])`` to get the
372 ``struct page`` of the source and either copy the source page to the
373 destination or clear the destination device private memory if the pointer
374 is ``NULL`` meaning the source page was not populated in system memory.
375
3764. ``migrate_vma_pages()``
377
378 This step is where the migration is actually "committed".
379
380 If the source page was a ``pte_none()`` or ``is_zero_pfn()`` page, this
381 is where the newly allocated page is inserted into the CPU's page table.
382 This can fail if a CPU thread faults on the same page. However, the page
383 table is locked and only one of the new pages will be inserted.
384 The device driver will see that the ``MIGRATE_PFN_MIGRATE`` bit is cleared
385 if it loses the race.
386
387 If the source page was locked, isolated, etc. the source ``struct page``
388 information is now copied to destination ``struct page`` finalizing the
389 migration on the CPU side.
390
3915. Device driver updates device MMU page tables for pages still migrating,
392 rolling back pages not migrating.
393
394 If the ``src`` entry still has ``MIGRATE_PFN_MIGRATE`` bit set, the device
395 driver can update the device MMU and set the write enable bit if the
396 ``MIGRATE_PFN_WRITE`` bit is set.
397
3986. ``migrate_vma_finalize()``
399
400 This step replaces the special migration page table entry with the new
401 page's page table entry and releases the reference to the source and
402 destination ``struct page``.
403
4047. ``mmap_read_unlock()``
405
406 The lock can now be released.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700407
Alistair Poppleb756a3b2021-06-30 18:54:25 -0700408Exclusive access memory
409=======================
410
411Some devices have features such as atomic PTE bits that can be used to implement
412atomic access to system memory. To support atomic operations to a shared virtual
413memory page such a device needs access to that page which is exclusive of any
414userspace access from the CPU. The ``make_device_exclusive_range()`` function
415can be used to make a memory range inaccessible from userspace.
416
417This replaces all mappings for pages in the given range with special swap
418entries. Any attempt to access the swap entry results in a fault which is
419resovled by replacing the entry with the original mapping. A driver gets
420notified that the mapping has been changed by MMU notifiers, after which point
421it will no longer have exclusive access to the page. Exclusive access is
422guranteed to last until the driver drops the page lock and page reference, at
423which point any CPU faults on the page may proceed as described.
424
Mike Rapoportaa9f34e2018-03-21 21:22:22 +0200425Memory cgroup (memcg) and rss accounting
426========================================
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700427
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700428For now, device memory is accounted as any regular page in rss counters (either
Ralph Campbell76ea4702018-04-10 16:28:11 -0700429anonymous if device page is used for anonymous, file if device page is used for
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700430file backed page, or shmem if device page is used for shared memory). This is a
Ralph Campbell76ea4702018-04-10 16:28:11 -0700431deliberate choice to keep existing applications, that might start using device
432memory without knowing about it, running unimpacted.
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700433
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700434A drawback is that the OOM killer might kill an application using a lot of
Ralph Campbell76ea4702018-04-10 16:28:11 -0700435device memory and not a lot of regular system memory and thus not freeing much
436system memory. We want to gather more real world experience on how applications
437and system react under memory pressure in the presence of device memory before
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700438deciding to account device memory differently.
439
440
Ralph Campbell76ea4702018-04-10 16:28:11 -0700441Same decision was made for memory cgroup. Device memory pages are accounted
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700442against same memory cgroup a regular page would be accounted to. This does
443simplify migration to and from device memory. This also means that migration
Jérôme Glissee8eddfd2018-04-10 16:29:16 -0700444back from device memory to regular memory cannot fail because it would
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700445go above memory cgroup limit. We might revisit this choice latter on once we
Ralph Campbell76ea4702018-04-10 16:28:11 -0700446get more experience in how device memory is used and its impact on memory
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700447resource control.
448
449
Ralph Campbell2076e5c2019-05-06 16:29:38 -0700450Note that device memory can never be pinned by a device driver nor through GUP
Jérôme Glissebffc33e2017-09-08 16:11:19 -0700451and thus such memory is always free upon process exit. Or when last reference
Ralph Campbell76ea4702018-04-10 16:28:11 -0700452is dropped in case of shared memory or file backed memory.