On 2024/6/12 5:55, Jiaqi Yan wrote: > Correctable memory errors are very common on servers with large > amount of memory, and are corrected by ECC. Soft offline is kernel's > additional recovery handling for memory pages having (excessive) > corrected memory errors. Impacted page is migrated to a healthy page > if inuse; the original page is discarded for any future use. >
Thanks for your update. > The actual policy on whether (and when) to soft offline should be > maintained by userspace, especially in case of an 1G HugeTLB page. > Soft-offline dissolves the HugeTLB page, either in-use or free, into > chunks of 4K pages, reducing HugeTLB pool capacity by 1 hugepage. > If userspace has not acknowledged such behavior, it may be surprised > when later mmap hugepages MAP_FAILED due to lack of hugepages. s/mmap hugepages MAP_FAILED/fails to mmap hugepages/ ? > In case of a transparent hugepage, it will be split into 4K pages > as well; userspace will stop enjoying the transparent performance. > > In addition, discarding the entire 1G HugeTLB page only because of > corrected memory errors sounds very costly and kernel better not > doing under the hood. But today there are at least 2 such cases: s/doing/doing so/ ? > 1. GHES driver sees both GHES_SEV_CORRECTED and > CPER_SEC_ERROR_THRESHOLD_EXCEEDED after parsing CPER. > 2. RAS Correctable Errors Collector counts correctable errors per > PFN and when the counter for a PFN reaches threshold > In both cases, userspace has no control of the soft offline performed > by kernel's memory failure recovery. > > This commit gives userspace the control of softofflining any page: > kernel only soft offlines raw page / transparent hugepage / HugeTLB > hugepage if userspace has agreed to. The interface to userspace is a > new sysctl called enable_soft_offline under /proc/sys/vm. By default > enable_soft_line is 1 to preserve existing behavior in kernel. s/enable_soft_line/enable_soft_offline/ > > Signed-off-by: Jiaqi Yan <[email protected]> > --- > mm/memory-failure.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/mm/memory-failure.c b/mm/memory-failure.c > index d3c830e817e3..23415fe03318 100644 > --- a/mm/memory-failure.c > +++ b/mm/memory-failure.c > @@ -68,6 +68,8 @@ static int sysctl_memory_failure_early_kill __read_mostly; > > static int sysctl_memory_failure_recovery __read_mostly = 1; > > +static int sysctl_enable_soft_offline __read_mostly = 1; > + > atomic_long_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0); > > static bool hw_memory_failure __read_mostly = false; > @@ -141,6 +143,15 @@ static struct ctl_table memory_failure_table[] = { > .extra1 = SYSCTL_ZERO, > .extra2 = SYSCTL_ONE, > }, > + { > + .procname = "enable_soft_offline", > + .data = &sysctl_enable_soft_offline, > + .maxlen = sizeof(sysctl_enable_soft_offline), > + .mode = 0644, > + .proc_handler = proc_dointvec_minmax, > + .extra1 = SYSCTL_ZERO, > + .extra2 = SYSCTL_ONE, > + } > }; > > /* > @@ -2771,6 +2782,11 @@ int soft_offline_page(unsigned long pfn, int flags) > bool try_again = true; > struct page *page; > > + if (!sysctl_enable_soft_offline) { > + pr_info("soft offline: %#lx: OS-wide disabled\n", pfn); > + return -EINVAL; > + } > + IMHO, callers might reach here with page refcnt increased. So we have to take care of releasing it first? Also will it be better to return -EOPNOTSUPP or some other better errno? Thanks. .
