Clear affine slots when dropping a Module (#5321)
* Clear affine slots when dropping a `Module` This commit implements a resource usage optimization for Wasmtime with the pooling instance allocator by ensuring that when a `Module` is dropped its backing virtual memory mappings are all removed. Currently when a `Module` is dropped it releases a strong reference to its internal memory image but the memory image may stick around in individual pooling instance allocator slots. When using the `Random` allocation strategy, for example, this means that the memory images could stick around for a long time. While not a pressing issue this has resource usage implications for Wasmtime. Namely removing a `Module` does not guarantee the memfd, if in use for a memory image, is closed and deallocated within the kernel. Unfortunately simply closing the memfd is not sufficient as well as the mappings into the address space additionally all need to be removed for the kernel to release the resources for the memfd. This means that to release all kernel-level resources for a `Module` all slots which have the memory image mapped in must have the slot reset. This problem isn't particularly present when using the `NextAvailable` allocation strategy since the number of lingering memfds is proportional to the maximum concurrent size of wasm instances. With the `Random` and `ReuseAffinity` strategies, however, it's much more prominent because the number of lingering memfds can reach the total number of slots available. This can appear as a leak of kernel-level memory which can cause other system instability. To fix this issue this commit adds necessary instrumentation to `Drop for Module` to purge all references to the module in the pooling instance allocator. All index allocation strategies now maintain affinity tracking to ensure that regardless of the strategy in use a module that is dropped will remove all its memory mappings. A new allocation method was added to the index allocator for allocating an index without setting affinity and only allocating affine slots. This is used to iterate over all the affine slots without holding the global index lock for an unnecessarily long time while mappings are removed. * Review comments
This commit is contained in:
Alex Crichton
@@ -499,14 +499,8 @@ impl MemoryImageSlot {
|
||||
// extent of the prior initialization image in order to preserve
|
||||
// resident memory that might come before or after the image.
|
||||
if self.image.as_ref() != maybe_image {
|
||||
if let Some(image) = &self.image {
|
||||
unsafe {
|
||||
image
|
||||
.remap_as_zeros_at(self.base)
|
||||
.map_err(|e| InstantiationError::Resource(e.into()))?;
|
||||
}
|
||||
self.image = None;
|
||||
}
|
||||
self.remove_image()
|
||||
.map_err(|e| InstantiationError::Resource(e.into()))?;
|
||||
}
|
||||
|
||||
// The next order of business is to ensure that `self.accessible` is
|
||||
@@ -565,6 +559,16 @@ impl MemoryImageSlot {
|
||||
Ok(())
|
||||
}
|
||||
|
||||
pub(crate) fn remove_image(&mut self) -> Result<()> {
|
||||
if let Some(image) = &self.image {
|
||||
unsafe {
|
||||
image.remap_as_zeros_at(self.base)?;
|
||||
}
|
||||
self.image = None;
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Resets this linear memory slot back to a "pristine state".
|
||||
///
|
||||
/// This will reset the memory back to its original contents on Linux or
|
||||
|
||||
Reference in New Issue
Block a user