[rds-devel] Re: process death - with outstanding rdma operations
Richard Frank
richard.frank at oracle.com
Mon Jan 21 07:09:26 PST 2008
Or Gerlitz wrote:
> Richard Frank wrote:
>>> From the rdsV3 interface.h "
>>> * Process death: Keys obtained by a process must be invalidated
>>> before any
>>> * memory referenced by the keys is released from the dieing process and
>>> * before anyother process can detect the death of the dead process.
>>> Local
>>> * memory pins must also be released.
>>> We need to cleanup the in-progress rdma ops - and or let them run
>>> down before letting the process go away !
>
> Rick (and Olaf),
>
> I have been following the discussion and Q&A between Olaf and Roland
> over the lists, however, I was not able to see a clear design to take
> care of process death (or bug etc, whatever user space flow that can
> make RDS to leak kernel/HW resources) beyond all the details discussed
> there.
>
> Looking on the v3 document posted by Rick to this list on November 5th
> @ http://oss.oracle.com/pipermail/rds-devel/2007-November/000139.html
> I saw the below references, but I definitely don't think we have a
> closed design here, some not covered issues are:
>
Good points Or - rdsv3.h describes the user interface and expected
behavior - not the driver implementation..
We need to update this doc..
> 1. death of a remote process holding keys sent by local process/es
>
The rdma server does not hold the key - it's given permission to use it
- and the permission can be revoked at anytime 1) explicitly by the
client 2) if the client process dies - by the RDS driver...
It's up to the client side app to decide if / when to revoke keys
(release the keys).
> 2. whether an IB RC connection should be broken b/c one of the
> processes using it has died or leaked resources
>
When a process dies all resources held by the driver must be cleaned up
- this should not need to be doc'd ?
If a client process dies - and it's keys are released - and then
subsequent use by the rdma server gets an access error - that's what we
want - right ?
Breaking the RC is a function of the transport - not the RDS ULP /
interface ?
One addition recently proposed (with patch) is to have per GID RCs -
this isolates behavior to processes that agree to play together....
> and also
>
> 3. no treatment for resource leaks (process that calls get_mr and
> never calls free_mr or remote process getting a keys but never sends
> them back)
>
Why would the RDS driver / ULP deal with a poorly behaved client / rdma
server ? Beyond the resource (key) quota - what else would you do ?
Seems like a app issue ?
> 4. no limitation on how many registrations a process can do
>
We need to limit the keys allocated by a process - one proposal
discussed is to overload mlock - an alternative is to have a per socket
limit similar to so_snd/rcv... via a new ioctl... I prefer the later -
as the key pool is a very limited resource - or is it ?
> 5. etc
>
> I would be very productive, I think, to have some text with a design
> or sketch of design to handle at least 1 && 2 above, my feeling is
> that now its more of a designing while coding/debugging...
>
> Or
>
>> 182 * Pinning of VA for the RDMA buffer for which the client
>> obtains an FMR key - 183 * is done within rds_get_mr(va). This
>> memory must stay pinned until the client
>> 184 * calls rds_free_mr(va) - or the process dies - in which
>> case 185 * the driver must clean up the pins.
>
>> 193 * Process death: Keys obtained by a process must be
>> invalidated before any 194 * memory referenced by the keys is
>> released from the dieing process and
>> 195 * before another process can detect the death of the dead
>> process. Local 196 * memory pins must also be released.
>
>> 256 * Cleanup at process death. The RDS driver must detect
>> process death
>> 257 * and free memory regions plus unpin memory held by
>> the dieing process. 258 * All resources must be cleaned up
>> before any other process can detect
>> 259 * the death of the dieing process. Further, the memory
>> regions freed
>> 260 * must be invalidated and the invalidations must be
>> flushed thru to
>> 261 * HCA.
>
More information about the rds-devel
mailing list