On Wed, Dec 12, 2018 at 3:37 PM Jason Gunthorpe <jgg@xxxxxxxx> wrote: > > On Wed, Dec 12, 2018 at 04:53:49PM -0500, Jerome Glisse wrote: > > > Almost, we need some safety around assuming that DMA is complete the > > > page, so the notification would need to go all to way to userspace > > > with something like a file lease notification. It would also need to > > > be backstopped by an IOMMU in the case where the hardware does not / > > > can not stop in-flight DMA. > > > > You can always reprogram the hardware right away it will redirect > > any dma to the crappy page. > > That causes silent data corruption for RDMA users - we can't do that. > > The only way out for current hardware is to forcibly terminate the > RDMA activity somehow (and I'm not even sure this is possible, at > least it would be driver specific) > > Even the IOMMU idea probably doesn't work, I doubt all current > hardware can handle a PCI-E error TLP properly. My thinking here is that we would at least have the infrastructure for userspace to opt-in to getting the callback, the threat of an IOMMU forcibly tearing down mappings, and likely some identification for pages that are revocable. With "long term" pins I would hope to move any detection of incompatibility to the memory registration phase rather than something unacceptable like injecting random truncate failures.
