From: Dan Williams <dan.j.williams@intel.com>
To: Christoph Hellwig <hch@infradead.org>,
Dan Williams <dan.j.williams@intel.com>
Cc: Christoph Hellwig <hch@infradead.org>,
Dennis.Wu <dennis.wu@intel.com>, <nvdimm@lists.linux.dev>,
<vishal.l.verma@intel.com>, <dave.jiang@intel.com>,
<ira.weiny@intel.com>
Subject: Re: [PATCH] ACPI/NFIT: Add no_deepflush param to dynamic control flush operation
Date: Tue, 20 Sep 2022 12:30:57 -0700 [thread overview]
Message-ID: <632a14f153dfd_2a6ded29444@dwillia2-xfh.jf.intel.com.notmuch> (raw)
In-Reply-To: <YtefnyIvY9OdrVU5@infradead.org>
Christoph Hellwig wrote:
[..]
> > Otherwise, by default the kernel should default to taking as much care
> > as possible to push writes to the smallest failure domain possible.
>
> In which case we need remve the device dax direct map and MAP_SYNC.
> Reducing the failure domain is not what fsync or REQ_OP_FLUSH are
> about, they are about making changes durable. How durable is up to
> your device implementation. But if you trust it only a little you
> should not offer that half way option to start with.
That's a good point, but (with my Linux kernel developer hat on) I would
flip it around and make this the platform vendor's problem. If the
platform vendor has validated ADR* and that platform power supplies
maintain stable power in a powerloss scenario, then 'deepflush' is a
complete nop, why publish a flush mechanism?
In other words, unless the platform vendor has no confidence in the
standard durability model (persistence / durability at global visibility
outside the CPU cache) it should skip publishing these flush hints in
the ACPI NFIT table.
The recourse for an end user whose vendor has published this mechanism
in error is to talk to their BIOS vendor to turn off the flush
capability, or use the ACPI table override mechanism to edit out the
flush capability.
I will also note that CXL has done away with this software flush concept
and defines a standard Global Persistence Flush mechanism in the
protocol that fires at impending power-loss events.
* ADR: Asynchronous DRAM refresh, a platform signal to flush write
buffers in the device upon detection of power-loss.
next prev parent reply other threads:[~2022-09-20 19:31 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-29 8:31 [PATCH] ACPI/NFIT: Add no_deepflush param to dynamic control flush operation Dennis.Wu
2022-06-29 15:27 ` Christoph Hellwig
2022-07-13 1:25 ` Dan Williams
2022-07-20 6:24 ` Christoph Hellwig
2022-09-20 3:08 ` Wu, Dennis
2022-09-20 11:46 ` Christoph Hellwig
2022-09-20 19:30 ` Dan Williams [this message]
2022-10-20 6:23 ` Wu, Dennis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=632a14f153dfd_2a6ded29444@dwillia2-xfh.jf.intel.com.notmuch \
--to=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=dennis.wu@intel.com \
--cc=hch@infradead.org \
--cc=ira.weiny@intel.com \
--cc=nvdimm@lists.linux.dev \
--cc=vishal.l.verma@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox