3 =====================================
4 Heterogeneous Memory Management (HMM)
5 =====================================
7 Provide infrastructure and helpers to integrate non-conventional memory (device
8 memory like GPU on board memory) into regular kernel path, with the cornerstone
9 of this being specialized struct page for such memory (see sections 5 to 7 of
12 HMM also provides optional helpers for SVM (Share Virtual Memory), i.e.,
13 allowing a device to transparently access program address coherently with
14 the CPU meaning that any valid pointer on the CPU is also a valid pointer
15 for the device. This is becoming mandatory to simplify the use of advanced
16 heterogeneous computing where GPU, DSP, or FPGA are used to perform various
17 computations on behalf of a process.
19 This document is divided as follows: in the first section I expose the problems
20 related to using device specific memory allocators. In the second section, I
21 expose the hardware limitations that are inherent to many platforms. The third
22 section gives an overview of the HMM design. The fourth section explains how
23 CPU page-table mirroring works and the purpose of HMM in this context. The
24 fifth section deals with how device memory is represented inside the kernel.
25 Finally, the last section presents a new migration helper that allows lever-
26 aging the device DMA engine.
30 Problems of using a device specific memory allocator
31 ====================================================
33 Devices with a large amount of on board memory (several gigabytes) like GPUs
34 have historically managed their memory through dedicated driver specific APIs.
35 This creates a disconnect between memory allocated and managed by a device
36 driver and regular application memory (private anonymous, shared memory, or
37 regular file backed memory). From here on I will refer to this aspect as split
38 address space. I use shared address space to refer to the opposite situation:
39 i.e., one in which any application memory region can be used by a device
42 Split address space happens because device can only access memory allocated
43 through device specific API. This implies that all memory objects in a program
44 are not equal from the device point of view which complicates large programs
45 that rely on a wide set of libraries.
47 Concretely this means that code that wants to leverage devices like GPUs needs
48 to copy object between generically allocated memory (malloc, mmap private, mmap
49 share) and memory allocated through the device driver API (this still ends up
50 with an mmap but of the device file).
52 For flat data sets (array, grid, image, ...) this isn't too hard to achieve but
53 complex data sets (list, tree, ...) are hard to get right. Duplicating a
54 complex data set needs to re-map all the pointer relations between each of its
55 elements. This is error prone and program gets harder to debug because of the
56 duplicate data set and addresses.
58 Split address space also means that libraries cannot transparently use data
59 they are getting from the core program or another library and thus each library
60 might have to duplicate its input data set using the device specific memory
61 allocator. Large projects suffer from this and waste resources because of the
62 various memory copies.
64 Duplicating each library API to accept as input or output memory allocated by
65 each device specific allocator is not a viable option. It would lead to a
66 combinatorial explosion in the library entry points.
68 Finally, with the advance of high level language constructs (in C++ but in
69 other languages too) it is now possible for the compiler to leverage GPUs and
70 other devices without programmer knowledge. Some compiler identified patterns
71 are only do-able with a shared address space. It is also more reasonable to use
72 a shared address space for all other patterns.
75 I/O bus, device memory characteristics
76 ======================================
78 I/O buses cripple shared address spaces due to a few limitations. Most I/O
79 buses only allow basic memory access from device to main memory; even cache
80 coherency is often optional. Access to device memory from CPU is even more
81 limited. More often than not, it is not cache coherent.
83 If we only consider the PCIE bus, then a device can access main memory (often
84 through an IOMMU) and be cache coherent with the CPUs. However, it only allows
85 a limited set of atomic operations from device on main memory. This is worse
86 in the other direction: the CPU can only access a limited range of the device
87 memory and cannot perform atomic operations on it. Thus device memory cannot
88 be considered the same as regular memory from the kernel point of view.
90 Another crippling factor is the limited bandwidth (~32GBytes/s with PCIE 4.0
91 and 16 lanes). This is 33 times less than the fastest GPU memory (1 TBytes/s).
92 The final limitation is latency. Access to main memory from the device has an
93 order of magnitude higher latency than when the device accesses its own memory.
95 Some platforms are developing new I/O buses or additions/modifications to PCIE
96 to address some of these limitations (OpenCAPI, CCIX). They mainly allow two-
97 way cache coherency between CPU and device and allow all atomic operations the
98 architecture supports. Sadly, not all platforms are following this trend and
99 some major architectures are left without hardware solutions to these problems.
101 So for shared address space to make sense, not only must we allow devices to
102 access any memory but we must also permit any memory to be migrated to device
103 memory while device is using it (blocking CPU access while it happens).
106 Shared address space and migration
107 ==================================
109 HMM intends to provide two main features. First one is to share the address
110 space by duplicating the CPU page table in the device page table so the same
111 address points to the same physical memory for any valid main memory address in
112 the process address space.
114 To achieve this, HMM offers a set of helpers to populate the device page table
115 while keeping track of CPU page table updates. Device page table updates are
116 not as easy as CPU page table updates. To update the device page table, you must
117 allocate a buffer (or use a pool of pre-allocated buffers) and write GPU
118 specific commands in it to perform the update (unmap, cache invalidations, and
119 flush, ...). This cannot be done through common code for all devices. Hence
120 why HMM provides helpers to factor out everything that can be while leaving the
121 hardware specific details to the device driver.
123 The second mechanism HMM provides is a new kind of ZONE_DEVICE memory that
124 allows allocating a struct page for each page of the device memory. Those pages
125 are special because the CPU cannot map them. However, they allow migrating
126 main memory to device memory using existing migration mechanisms and everything
127 looks like a page is swapped out to disk from the CPU point of view. Using a
128 struct page gives the easiest and cleanest integration with existing mm mech-
129 anisms. Here again, HMM only provides helpers, first to hotplug new ZONE_DEVICE
130 memory for the device memory and second to perform migration. Policy decisions
131 of what and when to migrate things is left to the device driver.
133 Note that any CPU access to a device page triggers a page fault and a migration
134 back to main memory. For example, when a page backing a given CPU address A is
135 migrated from a main memory page to a device page, then any CPU access to
136 address A triggers a page fault and initiates a migration back to main memory.
138 With these two features, HMM not only allows a device to mirror process address
139 space and keeping both CPU and device page table synchronized, but also lever-
140 ages device memory by migrating the part of the data set that is actively being
144 Address space mirroring implementation and API
145 ==============================================
147 Address space mirroring's main objective is to allow duplication of a range of
148 CPU page table into a device page table; HMM helps keep both synchronized. A
149 device driver that wants to mirror a process address space must start with the
150 registration of an hmm_mirror struct::
152 int hmm_mirror_register(struct hmm_mirror *mirror,
153 struct mm_struct *mm);
154 int hmm_mirror_register_locked(struct hmm_mirror *mirror,
155 struct mm_struct *mm);
158 The locked variant is to be used when the driver is already holding mmap_sem
159 of the mm in write mode. The mirror struct has a set of callbacks that are used
160 to propagate CPU page tables::
162 struct hmm_mirror_ops {
163 /* sync_cpu_device_pagetables() - synchronize page tables
165 * @mirror: pointer to struct hmm_mirror
166 * @update_type: type of update that occurred to the CPU page table
167 * @start: virtual start address of the range to update
168 * @end: virtual end address of the range to update
170 * This callback ultimately originates from mmu_notifiers when the CPU
171 * page table is updated. The device driver must update its page table
172 * in response to this callback. The update argument tells what action
175 * The device driver must not return from this callback until the device
176 * page tables are completely updated (TLBs flushed, etc); this is a
179 void (*update)(struct hmm_mirror *mirror,
180 enum hmm_update action,
185 The device driver must perform the update action to the range (mark range
186 read only, or fully unmap, ...). The device must be done with the update before
187 the driver callback returns.
189 When the device driver wants to populate a range of virtual addresses, it can
192 long hmm_range_snapshot(struct hmm_range *range);
193 long hmm_range_fault(struct hmm_range *range, bool block);
195 The first one (hmm_range_snapshot()) will only fetch present CPU page table
196 entries and will not trigger a page fault on missing or non-present entries.
197 The second one does trigger a page fault on missing or read-only entry if the
198 write parameter is true. Page faults use the generic mm page fault code path
199 just like a CPU page fault.
201 Both functions copy CPU page table entries into their pfns array argument. Each
202 entry in that array corresponds to an address in the virtual range. HMM
203 provides a set of flags to help the driver identify special CPU page table
206 Locking with the update() callback is the most important aspect the driver must
207 respect in order to keep things properly synchronized. The usage pattern is::
209 int driver_populate_range(...)
211 struct hmm_range range;
219 range.pfn_shift = ...;
220 hmm_range_register(&range);
223 * Just wait for range to be valid, safe to ignore return value as we
224 * will use the return value of hmm_range_snapshot() below under the
225 * mmap_sem to ascertain the validity of the range.
227 hmm_range_wait_until_valid(&range, TIMEOUT_IN_MSEC);
230 down_read(&mm->mmap_sem);
231 ret = hmm_range_snapshot(&range);
233 up_read(&mm->mmap_sem);
234 if (ret == -EAGAIN) {
236 * No need to check hmm_range_wait_until_valid() return value
237 * on retry we will get proper error with hmm_range_snapshot()
239 hmm_range_wait_until_valid(&range, TIMEOUT_IN_MSEC);
242 hmm_mirror_unregister(&range);
245 take_lock(driver->update);
247 release_lock(driver->update);
248 up_read(&mm->mmap_sem);
252 // Use pfns array content to update device page table
254 hmm_mirror_unregister(&range);
255 release_lock(driver->update);
256 up_read(&mm->mmap_sem);
260 The driver->update lock is the same lock that the driver takes inside its
261 update() callback. That lock must be held before checking the range.valid
262 field to avoid any race with a concurrent CPU page table update.
264 HMM implements all this on top of the mmu_notifier API because we wanted a
265 simpler API and also to be able to perform optimizations latter on like doing
266 concurrent device updates in multi-devices scenario.
268 HMM also serves as an impedance mismatch between how CPU page table updates
269 are done (by CPU write to the page table and TLB flushes) and how devices
270 update their own page table. Device updates are a multi-step process. First,
271 appropriate commands are written to a buffer, then this buffer is scheduled for
272 execution on the device. It is only once the device has executed commands in
273 the buffer that the update is done. Creating and scheduling the update command
274 buffer can happen concurrently for multiple devices. Waiting for each device to
275 report commands as executed is serialized (there is no point in doing this
279 Leverage default_flags and pfn_flags_mask
280 =========================================
282 The hmm_range struct has 2 fields default_flags and pfn_flags_mask that allows
283 to set fault or snapshot policy for a whole range instead of having to set them
284 for each entries in the range.
286 For instance if the device flags for device entries are:
290 Now let say that device driver wants to fault with at least read a range then
293 range->default_flags = (1 << 63);
294 range->pfn_flags_mask = 0;
296 and calls hmm_range_fault() as described above. This will fill fault all page
297 in the range with at least read permission.
299 Now let say driver wants to do the same except for one page in the range for
300 which its want to have write. Now driver set::
302 range->default_flags = (1 << 63);
303 range->pfn_flags_mask = (1 << 62);
304 range->pfns[index_of_write] = (1 << 62);
306 With this HMM will fault in all page with at least read (ie valid) and for the
307 address == range->start + (index_of_write << PAGE_SHIFT) it will fault with
308 write permission ie if the CPU pte does not have write permission set then HMM
309 will call handle_mm_fault().
311 Note that HMM will populate the pfns array with write permission for any entry
312 that have write permission within the CPU pte no matter what are the values set
313 in default_flags or pfn_flags_mask.
316 Represent and manage device memory from core kernel point of view
317 =================================================================
319 Several different designs were tried to support device memory. First one used
320 a device specific data structure to keep information about migrated memory and
321 HMM hooked itself in various places of mm code to handle any access to
322 addresses that were backed by device memory. It turns out that this ended up
323 replicating most of the fields of struct page and also needed many kernel code
324 paths to be updated to understand this new kind of memory.
326 Most kernel code paths never try to access the memory behind a page
327 but only care about struct page contents. Because of this, HMM switched to
328 directly using struct page for device memory which left most kernel code paths
329 unaware of the difference. We only need to make sure that no one ever tries to
330 map those pages from the CPU side.
332 HMM provides a set of helpers to register and hotplug device memory as a new
333 region needing a struct page. This is offered through a very simple API::
335 struct hmm_devmem *hmm_devmem_add(const struct hmm_devmem_ops *ops,
336 struct device *device,
338 void hmm_devmem_remove(struct hmm_devmem *devmem);
340 The hmm_devmem_ops is where most of the important things are::
342 struct hmm_devmem_ops {
343 void (*free)(struct hmm_devmem *devmem, struct page *page);
344 int (*fault)(struct hmm_devmem *devmem,
345 struct vm_area_struct *vma,
352 The first callback (free()) happens when the last reference on a device page is
353 dropped. This means the device page is now free and no longer used by anyone.
354 The second callback happens whenever the CPU tries to access a device page
355 which it cannot do. This second callback must trigger a migration back to
359 Migration to and from device memory
360 ===================================
362 Because the CPU cannot access device memory, migration must use the device DMA
363 engine to perform copy from and to device memory. For this we need a new
366 int migrate_vma(const struct migrate_vma_ops *ops,
367 struct vm_area_struct *vma,
368 unsigned long mentries,
375 Unlike other migration functions it works on a range of virtual address, there
376 are two reasons for that. First, device DMA copy has a high setup overhead cost
377 and thus batching multiple pages is needed as otherwise the migration overhead
378 makes the whole exercise pointless. The second reason is because the
379 migration might be for a range of addresses the device is actively accessing.
381 The migrate_vma_ops struct defines two callbacks. First one (alloc_and_copy())
382 controls destination memory allocation and copy operation. Second one is there
383 to allow the device driver to perform cleanup operations after migration::
385 struct migrate_vma_ops {
386 void (*alloc_and_copy)(struct vm_area_struct *vma,
387 const unsigned long *src,
392 void (*finalize_and_map)(struct vm_area_struct *vma,
393 const unsigned long *src,
394 const unsigned long *dst,
400 It is important to stress that these migration helpers allow for holes in the
401 virtual address range. Some pages in the range might not be migrated for all
402 the usual reasons (page is pinned, page is locked, ...). This helper does not
403 fail but just skips over those pages.
405 The alloc_and_copy() might decide to not migrate all pages in the
406 range (for reasons under the callback control). For those, the callback just
407 has to leave the corresponding dst entry empty.
409 Finally, the migration of the struct page might fail (for file backed page) for
410 various reasons (failure to freeze reference, or update page cache, ...). If
411 that happens, then the finalize_and_map() can catch any pages that were not
412 migrated. Note those pages were still copied to a new page and thus we wasted
413 bandwidth but this is considered as a rare event and a price that we are
414 willing to pay to keep all the code simpler.
417 Memory cgroup (memcg) and rss accounting
418 ========================================
420 For now device memory is accounted as any regular page in rss counters (either
421 anonymous if device page is used for anonymous, file if device page is used for
422 file backed page or shmem if device page is used for shared memory). This is a
423 deliberate choice to keep existing applications, that might start using device
424 memory without knowing about it, running unimpacted.
426 A drawback is that the OOM killer might kill an application using a lot of
427 device memory and not a lot of regular system memory and thus not freeing much
428 system memory. We want to gather more real world experience on how applications
429 and system react under memory pressure in the presence of device memory before
430 deciding to account device memory differently.
433 Same decision was made for memory cgroup. Device memory pages are accounted
434 against same memory cgroup a regular page would be accounted to. This does
435 simplify migration to and from device memory. This also means that migration
436 back from device memory to regular memory cannot fail because it would
437 go above memory cgroup limit. We might revisit this choice latter on once we
438 get more experience in how device memory is used and its impact on memory
442 Note that device memory can never be pinned by device driver nor through GUP
443 and thus such memory is always free upon process exit. Or when last reference
444 is dropped in case of shared memory or file backed memory.
projects / linux-2.6-microblaze.git / blob