blob: b28b7f04abb8022a75bb6646c544212562a9c754 [file] [log] [blame]
Pavel Machekd7ae79c2005-09-06 15:16:21 -07001Some warnings, first.
Linus Torvalds1da177e2005-04-16 15:20:36 -07002
3 * BIG FAT WARNING *********************************************************
4 *
Linus Torvalds1da177e2005-04-16 15:20:36 -07005 * If you touch anything on disk between suspend and resume...
6 * ...kiss your data goodbye.
7 *
Pavel Machekd7ae79c2005-09-06 15:16:21 -07008 * If you do resume from initrd after your filesystems are mounted...
9 * ...bye bye root partition.
10 * [this is actually same case as above]
Linus Torvalds1da177e2005-04-16 15:20:36 -070011 *
Pavel Machekd7ae79c2005-09-06 15:16:21 -070012 * If you have unsupported (*) devices using DMA, you may have some
13 * problems. If your disk driver does not support suspend... (IDE does),
14 * it may cause some problems, too. If you change kernel command line
15 * between suspend and resume, it may do something wrong. If you change
16 * your hardware while system is suspended... well, it was not good idea;
17 * but it will probably only crash.
Linus Torvalds1da177e2005-04-16 15:20:36 -070018 *
19 * (*) suspend/resume support is needed to make it safe.
20
21You need to append resume=/dev/your_swap_partition to kernel command
22line. Then you suspend by
23
24echo shutdown > /sys/power/disk; echo disk > /sys/power/state
25
26. If you feel ACPI works pretty well on your system, you might try
27
28echo platform > /sys/power/disk; echo disk > /sys/power/state
29
Rafael J. Wysocki853609b2006-02-01 03:05:07 -080030If you want to limit the suspend image size to N bytes, do
Rafael J. Wysockica0aec02006-01-06 00:15:56 -080031
32echo N > /sys/power/image_size
33
34before suspend (it is limited to 500 MB by default).
Linus Torvalds1da177e2005-04-16 15:20:36 -070035
Pavel Machekd7ae79c2005-09-06 15:16:21 -070036Encrypted suspend image:
37------------------------
38If you want to store your suspend image encrypted with a temporary
39key to prevent data gathering after resume you must compile
40crypto and the aes algorithm into the kernel - modules won't work
41as they cannot be loaded at resume time.
42
Linus Torvalds1da177e2005-04-16 15:20:36 -070043
44Article about goals and implementation of Software Suspend for Linux
45~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
46Author: G‚ábor Kuti
47Last revised: 2003-10-20 by Pavel Machek
48
49Idea and goals to achieve
50
51Nowadays it is common in several laptops that they have a suspend button. It
52saves the state of the machine to a filesystem or to a partition and switches
53to standby mode. Later resuming the machine the saved state is loaded back to
54ram and the machine can continue its work. It has two real benefits. First we
55save ourselves the time machine goes down and later boots up, energy costs
56are real high when running from batteries. The other gain is that we don't have to
57interrupt our programs so processes that are calculating something for a long
58time shouldn't need to be written interruptible.
59
60swsusp saves the state of the machine into active swaps and then reboots or
61powerdowns. You must explicitly specify the swap partition to resume from with
62``resume='' kernel option. If signature is found it loads and restores saved
63state. If the option ``noresume'' is specified as a boot parameter, it skips
64the resuming.
65
66In the meantime while the system is suspended you should not add/remove any
67of the hardware, write to the filesystems, etc.
68
69Sleep states summary
70====================
71
72There are three different interfaces you can use, /proc/acpi should
73work like this:
74
75In a really perfect world:
76echo 1 > /proc/acpi/sleep # for standby
77echo 2 > /proc/acpi/sleep # for suspend to ram
78echo 3 > /proc/acpi/sleep # for suspend to ram, but with more power conservative
79echo 4 > /proc/acpi/sleep # for suspend to disk
80echo 5 > /proc/acpi/sleep # for shutdown unfriendly the system
81
82and perhaps
83echo 4b > /proc/acpi/sleep # for suspend to disk via s4bios
84
85Frequently Asked Questions
86==========================
87
88Q: well, suspending a server is IMHO a really stupid thing,
89but... (Diego Zuccato):
90
91A: You bought new UPS for your server. How do you install it without
92bringing machine down? Suspend to disk, rearrange power cables,
93resume.
94
95You have your server on UPS. Power died, and UPS is indicating 30
96seconds to failure. What do you do? Suspend to disk.
97
Linus Torvalds1da177e2005-04-16 15:20:36 -070098
99Q: Maybe I'm missing something, but why don't the regular I/O paths work?
100
101A: We do use the regular I/O paths. However we cannot restore the data
102to its original location as we load it. That would create an
103inconsistent kernel state which would certainly result in an oops.
104Instead, we load the image into unused memory and then atomically copy
105it back to it original location. This implies, of course, a maximum
106image size of half the amount of memory.
107
108There are two solutions to this:
109
110* require half of memory to be free during suspend. That way you can
111read "new" data onto free spots, then cli and copy
112
113* assume we had special "polling" ide driver that only uses memory
114between 0-640KB. That way, I'd have to make sure that 0-640KB is free
115during suspending, but otherwise it would work...
116
117suspend2 shares this fundamental limitation, but does not include user
118data and disk caches into "used memory" by saving them in
119advance. That means that the limitation goes away in practice.
120
121Q: Does linux support ACPI S4?
122
123A: Yes. That's what echo platform > /sys/power/disk does.
124
Linus Torvalds1da177e2005-04-16 15:20:36 -0700125Q: What is 'suspend2'?
126
127A: suspend2 is 'Software Suspend 2', a forked implementation of
128suspend-to-disk which is available as separate patches for 2.4 and 2.6
129kernels from swsusp.sourceforge.net. It includes support for SMP, 4GB
130highmem and preemption. It also has a extensible architecture that
131allows for arbitrary transformations on the image (compression,
132encryption) and arbitrary backends for writing the image (eg to swap
133or an NFS share[Work In Progress]). Questions regarding suspend2
134should be sent to the mailing list available through the suspend2
135website, and not to the Linux Kernel Mailing List. We are working
136toward merging suspend2 into the mainline kernel.
137
138Q: A kernel thread must voluntarily freeze itself (call 'refrigerator').
139I found some kernel threads that don't do it, and they don't freeze
140so the system can't sleep. Is this a known behavior?
141
142A: All such kernel threads need to be fixed, one by one. Select the
143place where the thread is safe to be frozen (no kernel semaphores
144should be held at that point and it must be safe to sleep there), and
145add:
146
Linus Torvalds2031d0f2005-06-25 17:16:53 -0700147 try_to_freeze();
Linus Torvalds1da177e2005-04-16 15:20:36 -0700148
149If the thread is needed for writing the image to storage, you should
Pavel Machekfc5fb2c2005-06-25 14:55:07 -0700150instead set the PF_NOFREEZE process flag when creating the thread (and
151be very carefull).
Linus Torvalds1da177e2005-04-16 15:20:36 -0700152
153
154Q: What is the difference between between "platform", "shutdown" and
155"firmware" in /sys/power/disk?
156
157A:
158
159shutdown: save state in linux, then tell bios to powerdown
160
161platform: save state in linux, then tell bios to powerdown and blink
162 "suspended led"
163
164firmware: tell bios to save state itself [needs BIOS-specific suspend
165 partition, and has very little to do with swsusp]
166
167"platform" is actually right thing to do, but "shutdown" is most
168reliable.
169
170Q: I do not understand why you have such strong objections to idea of
171selective suspend.
172
173A: Do selective suspend during runtime power managment, that's okay. But
174its useless for suspend-to-disk. (And I do not see how you could use
175it for suspend-to-ram, I hope you do not want that).
176
177Lets see, so you suggest to
178
179* SUSPEND all but swap device and parents
180* Snapshot
181* Write image to disk
182* SUSPEND swap device and parents
183* Powerdown
184
185Oh no, that does not work, if swap device or its parents uses DMA,
186you've corrupted data. You'd have to do
187
188* SUSPEND all but swap device and parents
189* FREEZE swap device and parents
190* Snapshot
191* UNFREEZE swap device and parents
192* Write
193* SUSPEND swap device and parents
194
195Which means that you still need that FREEZE state, and you get more
196complicated code. (And I have not yet introduce details like system
197devices).
198
199Q: There don't seem to be any generally useful behavioral
200distinctions between SUSPEND and FREEZE.
201
202A: Doing SUSPEND when you are asked to do FREEZE is always correct,
203but it may be unneccessarily slow. If you want USB to stay simple,
204slowness may not matter to you. It can always be fixed later.
205
206For devices like disk it does matter, you do not want to spindown for
207FREEZE.
208
209Q: After resuming, system is paging heavilly, leading to very bad interactivity.
210
211A: Try running
212
213cat `cat /proc/[0-9]*/maps | grep / | sed 's:.* /:/:' | sort -u` > /dev/null
214
Adrian Bunka58a4142006-01-10 00:08:17 +0100215after resume. swapoff -a; swapon -a may also be useful.
Pavel Machekfc5fb2c2005-06-25 14:55:07 -0700216
217Q: What happens to devices during swsusp? They seem to be resumed
218during system suspend?
219
220A: That's correct. We need to resume them if we want to write image to
221disk. Whole sequence goes like
222
223 Suspend part
224 ~~~~~~~~~~~~
225 running system, user asks for suspend-to-disk
226
227 user processes are stopped
228
229 suspend(PMSG_FREEZE): devices are frozen so that they don't interfere
230 with state snapshot
231
232 state snapshot: copy of whole used memory is taken with interrupts disabled
233
234 resume(): devices are woken up so that we can write image to swap
235
236 write image to swap
237
238 suspend(PMSG_SUSPEND): suspend devices so that we can power off
239
240 turn the power off
241
242 Resume part
243 ~~~~~~~~~~~
244 (is actually pretty similar)
245
246 running system, user asks for suspend-to-disk
247
248 user processes are stopped (in common case there are none, but with resume-from-initrd, noone knows)
249
250 read image from disk
251
252 suspend(PMSG_FREEZE): devices are frozen so that they don't interfere
253 with image restoration
254
255 image restoration: rewrite memory with image
256
257 resume(): devices are woken up so that system can continue
258
259 thaw all user processes
260
261Q: What is this 'Encrypt suspend image' for?
262
263A: First of all: it is not a replacement for dm-crypt encrypted swap.
264It cannot protect your computer while it is suspended. Instead it does
265protect from leaking sensitive data after resume from suspend.
266
267Think of the following: you suspend while an application is running
268that keeps sensitive data in memory. The application itself prevents
269the data from being swapped out. Suspend, however, must write these
270data to swap to be able to resume later on. Without suspend encryption
271your sensitive data are then stored in plaintext on disk. This means
272that after resume your sensitive data are accessible to all
273applications having direct access to the swap device which was used
274for suspend. If you don't need swap after resume these data can remain
275on disk virtually forever. Thus it can happen that your system gets
276broken in weeks later and sensitive data which you thought were
277encrypted and protected are retrieved and stolen from the swap device.
278To prevent this situation you should use 'Encrypt suspend image'.
279
280During suspend a temporary key is created and this key is used to
281encrypt the data written to disk. When, during resume, the data was
282read back into memory the temporary key is destroyed which simply
283means that all data written to disk during suspend are then
284inaccessible so they can't be stolen later on. The only thing that
285you must then take care of is that you call 'mkswap' for the swap
286partition used for suspend as early as possible during regular
287boot. This asserts that any temporary key from an oopsed suspend or
288from a failed or aborted resume is erased from the swap device.
289
290As a rule of thumb use encrypted swap to protect your data while your
291system is shut down or suspended. Additionally use the encrypted
292suspend image to prevent sensitive data from being stolen after
293resume.
Pavel Machek7e958882005-09-03 15:56:56 -0700294
Pavel Machekd7ae79c2005-09-06 15:16:21 -0700295Q: Why can't we suspend to a swap file?
Pavel Machek7e958882005-09-03 15:56:56 -0700296
297A: Because accessing swap file needs the filesystem mounted, and
298filesystem might do something wrong (like replaying the journal)
Pavel Machekd7ae79c2005-09-06 15:16:21 -0700299during mount.
300
301There are few ways to get that fixed:
302
3031) Probably could be solved by modifying every filesystem to support
304some kind of "really read-only!" option. Patches welcome.
305
3062) suspend2 gets around that by storing absolute positions in on-disk
307image (and blocksize), with resume parameter pointing directly to
308suspend header.
309
310Q: Is there a maximum system RAM size that is supported by swsusp?
311
312A: It should work okay with highmem.
313
314Q: Does swsusp (to disk) use only one swap partition or can it use
315multiple swap partitions (aggregate them into one logical space)?
316
317A: Only one swap partition, sorry.
318
319Q: If my application(s) causes lots of memory & swap space to be used
320(over half of the total system RAM), is it correct that it is likely
321to be useless to try to suspend to disk while that app is running?
322
323A: No, it should work okay, as long as your app does not mlock()
324it. Just prepare big enough swap partition.
325
Adrian Bunka58a4142006-01-10 00:08:17 +0100326Q: What information is useful for debugging suspend-to-disk problems?
Pavel Machekd7ae79c2005-09-06 15:16:21 -0700327
328A: Well, last messages on the screen are always useful. If something
329is broken, it is usually some kernel driver, therefore trying with as
330little as possible modules loaded helps a lot. I also prefer people to
331suspend from console, preferably without X running. Booting with
332init=/bin/bash, then swapon and starting suspend sequence manually
333usually does the trick. Then it is good idea to try with latest
334vanilla kernel.
335
336