Jason Gunthorpe <jgg@xxxxxxxx> writes: > On Wed, Oct 16, 2024 at 04:10:53PM +1100, Alistair Popple wrote: >> On that note how is the refcounting of the returned p2pdma page expected >> to work? We don't want the driver calling hmm_range_fault() to be able >> to pin the page with eg. get_page(), so the returned p2pdma page should >> have a zero refcount to enforce that. > > I think that is just the rule for hmm stuff in general, don't touch > the refcount. Actually I think the rule should be don't look at the page at all. hmm_range_fault() is about mirroring PTEs, no assumption should even be made about the existence or otherwise of a struct page. > We don't need to enforce, it we don't know what else the driver will > want to use that P2P page for after all. It might stick it in a VMA > for some unrelated reason. And wouldn't that touch the refcount and therefore be wrong? How is the driver which handed out the P2PDMA page meant to ensure it can free/evict the underlying device private memory in this case? Normally this would happen by migration, which would trigger an MMU notifier on the virtual address. But if the P2PDMA page has been mapped into another VMA how does it drop the reference on the P2PDMA page? - Alistair > Jason