Re: [PATCH RFC 00/10] RDMA/FS DAX truncate proposal

From: Jason Gunthorpe
Date: Wed Jun 12 2019 - 15:19:04 EST

Next message: Qian Cai: "[PATCH -next] mm/hotplug: skip bad PFNs from pfn_to_online_page()"
Previous message: Jeffrey Hugo: "[PATCH v5 6/6] arm64: dts: qcom: msm8998: Add mmcc node"
In reply to: Jan Kara: "Re: [PATCH RFC 00/10] RDMA/FS DAX truncate proposal"
Next in thread: Ira Weiny: "Re: [PATCH RFC 00/10] RDMA/FS DAX truncate proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 12, 2019 at 02:09:07PM +0200, Jan Kara wrote:
> On Wed 12-06-19 08:47:21, Jason Gunthorpe wrote:
> > On Wed, Jun 12, 2019 at 12:29:17PM +0200, Jan Kara wrote:
> >
> > > > > The main objection to the current ODP & DAX solution is that very
> > > > > little HW can actually implement it, having the alternative still
> > > > > require HW support doesn't seem like progress.
> > > > >
> > > > > I think we will eventually start seein some HW be able to do this
> > > > > invalidation, but it won't be universal, and I'd rather leave it
> > > > > optional, for recovery from truely catastrophic errors (ie my DAX is
> > > > > on fire, I need to unplug it).
> > > >
> > > > Agreed. I think software wise there is not much some of the devices can do
> > > > with such an "invalidate".
> > >
> > > So out of curiosity: What does RDMA driver do when userspace just closes
> > > the file pointing to RDMA object? It has to handle that somehow by aborting
> > > everything that's going on... And I wanted similar behavior here.
> >
> > It aborts *everything* connected to that file descriptor. Destroying
> > everything avoids creating inconsistencies that destroying a subset
> > would create.
> >
> > What has been talked about for lease break is not destroying anything
> > but very selectively saying that one memory region linked to the GUP
> > is no longer functional.
>
> OK, so what I had in mind was that if RDMA app doesn't play by the rules
> and closes the file with existing pins (and thus layout lease) we would
> force it to abort everything. Yes, it is disruptive but then the app didn't
> obey the rule that it has to maintain file lease while holding pins. Thus
> such situation should never happen unless the app is malicious / buggy.

We do have the infrastructure to completely revoke the entire
*content* of a FD (this is called device disassociate). It is
basically close without the app doing close. But again it only works
with some drivers. However, this is more likely something a driver
could support without a HW change though.

It is quite destructive as it forcibly kills everything RDMA related
the process(es) are doing, but it is less violent than SIGKILL, and
there is perhaps a way for the app to recover from this, if it is
coded for it.

My preference would be to avoid this scenario, but if it is really
necessary, we could probably build it with some work.

The only case we use it today is forced HW hot unplug, so it is rarely
used and only for an 'emergency' like use case.

Jason

Next message: Qian Cai: "[PATCH -next] mm/hotplug: skip bad PFNs from pfn_to_online_page()"
Previous message: Jeffrey Hugo: "[PATCH v5 6/6] arm64: dts: qcom: msm8998: Add mmcc node"
In reply to: Jan Kara: "Re: [PATCH RFC 00/10] RDMA/FS DAX truncate proposal"
Next in thread: Ira Weiny: "Re: [PATCH RFC 00/10] RDMA/FS DAX truncate proposal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]