Hi Jason, We've become interested again in enabling P2PDMA transactions with userspace RDMA and the NVMe CMBs we are already exporting to userspace from our previous work. Enabling FOLL_PCI_P2PDMA in ib_umem_get is almost a trivial change, but there are two issues holding us back. The biggest issue is that we disallowed FOLL_LONGTERM with FOLL_PCI_P2PDMA out of concern that P2PDMA had the same problem as fs-dax. See [1] to review the discussion from 2 years ago. However, in trying to understand the problem again, I'm not sure that concern was valid. In P2PDMA, unmap_mapping_range() is strictly only called on driver unbind when everything is getting torn down[2]. The next thing that happens immediately after the unmap is the tear down of the pgmap which drops the elevated reference on the pages and waits for all page's reference counts to go back to zero. This will effectively wait until all longterm pins involving the memory have been released. This can cause a hang on unbind but, in your words, its "annoying not critical". Even if unmap_mapping_range() was happening outside of teardown, the P2PDMA code isn't like a regular filesystem in that it fully supports the elevated reference counts in the pgmap code and pages cannot be reused until the pin releases its reference counts and the count returns back to one. So I don't really see how there can be a UAF concern with this. Unless I'm really missing something, it seems P2PDMA does not have the same concern as fs-dax and I think it is safe to remove that restriction. Any objections? The other issue we hit when enabling this feature is the check for vma_needs_dirty_tracking() in writable_file_mapping_allowed() during the gup flow. This hits because the p2pdma code is using the common sysfs/kernfs infrastructure to create the VMA which installs a page_mkwrite operator()[4] to change the file update time on write. I don't think this feature really makes any sense for the P2PDMA sysfs file which is really operating as an allocator in userspace -- the time on the file does not really need to reflect the last write of some process that wrote to memory allocated using it. So I think removing the operator for P2PDMA makes sense, it's just a matter of creating the plumbing that allows P2PDMA to indicate this to kernfs. There may be a certain amount of bikeshedding on how this might be done, but it doesn't seem terribly complicated. Thoughts? Logan [1] https://lore.kernel.org/all/Yy4Ot5MoOhsgYLTQ@xxxxxxxx/T/#u [2] https://elixir.bootlin.com/linux/v6.8.8/source/drivers/pci/p2pdma.c#L333 [3] https://elixir.bootlin.com/linux/v6.8.8/source/mm/gup.c#L1029 [4] https://elixir.bootlin.com/linux/v6.8.8/source/fs/kernfs/file.c#L435
