15 July
2018

Why embedded systems like the raspberry pi should not allow swapping to an SDcard

SDcard and Flash memory errors



SD card corruption and eventual failure is common on embedded systems like the raspberry pi. I've realize there is a lack of consistent and reliable information on this. This post describes the problem and provides solutions.

This post has 3 parts: description of the problem, practical implications, and tricks to disable swap on the raspberry pi and related linux devices. People who just want a solution can skip to part 3.

Description



In our lab we have a range of systems from expensive underwater robotics to small embedded IoT devices all of which use SD card or flash memory. There are modes of operation that are acceptable on a normal desktop or laptop that will gradually degrade and eventually destroy an embedded device after a few thousand cycles of writing to a given cell. Since the damage is gradual, it can easy to overlook the cause during setup and testing, and just blame it on "bad memory."

The root issue is that solid state memory wears out with successive changes to the contents, and this happens on a per-memory-cell basis. Modern SD and flash memory have sophisticated internal algorithms for "wear levelling" that try to reduce the impact and extend the life of the chips, but these cannot eliminate the problem totally, since it's intrinsic to the physics of the devices. Hard disks, by the way, can also wear out, but not generally as a function of the read-write behaviour. The key idea behind wear levelling it to change the physical location used for frequently-changing data, to spread the use.
[ Technical aside: As of 2011, 25nm MLC NAND lasted for about 3,000 write cycles. As of 2018 some sources suggest that single level cell NAND (SLC) can last for 10,000 cycles ]

For normal use, only a small amount of the device is written at a time and if this is moved around the device it can be many years before the flash memory storage wears out. Without wear levelling it's easy to write a malicious program that "burns through" a specific cell in just a few minutes (although OS cacheing policies also try to preclude this).

Note that there are differences between expensive SD cards and cheap ones. These differences include both the robustness of the memory elements themselves, their speed and also the nature of the wear levelling (e.g static vs dynamic).


Practical implications



Normal file IO will take many years to damage a modern (wear levelled) flash device. Swapping, however, can be much more destructive. The issue is that swapping is a mechanism used by the operating system to compensate for insufficient RAM (memory) and is depends on writing large amounts of data to "disk", and sometimes doing it a lot. This heavy usage could damage a flash device like an SD card in just a few months.

Note that swapping to a "slow device" will also make the system run slow, but on the other hand in can preclude a hard crash that could occur if the system runs out of memory.

The commands below require root (or prefix each command with sudo).

Turning off swapping



dphys-swapfile swapoff
dphys-swapfile uninstall


and also (to make it permanent):

update-rc.d dphys-swapfile remove



Turn off swapping temporarily


The following two lines work (or npt) depending on the kind of linxu distribution you have (i.e does it use systemd):

swapoff -a

systemctl disable dphys-swapfile

Totally disable the swapping mechanism for keeps


apt-get remove dphys-swapfile

Aside from swapping, you can also make the entire filesystem read-only that preventing any writes (but also limiting the kinds of things you can do).


By Gregory Dudek at | Leave a comment |    
<< ICRA 2018 | Main | ICRA2019 >>
Comments
There are no comments.
Post your own response

Each comment is manually screened for the presence of appropriate and substantive content, due to a constant onslaught of comment-spam. This means there may be a delay before your comment appears.


(Some kind of name is required, will be visible)

Required, whatever you enter will be visible to other users.


(Optional, used for "mailto" link)

Your email address is not required, but if you insert it it will be displayed so people can contact you.

Answer this question correctly to demonstrate that you are not a dumb spambot.



The title for your comment.



Your comment goes here. All relevant comments are welcome, except for those that simply promote an irrelevant product or else are used to fraudulently inflate the link count to an irrelevant web page. They appear after moderation. Don't forget to also fill in the captcha below or your text will be rejected automatically!

You must answer this question to prove you are human
The governator said (when in a movie as T2): 'I'll be ... (pick a number): 1:tuckered, 2:broke, 3:back, 4:broken, 5:swartzneggered, 6:eaten, 7:you?

Answer this question correctly to demonstrate that you are not a dumb spambot.