[LSF/MM/BPF TOPIC] TP4129 KATO corrections and clarification

Ballard, Curtis C (HPE Storage) curtis.ballard at hpe.com
Fri Feb 7 10:33:48 PST 2025


On 2/7/25 2:01 AM, Sagi Grimberg wrote:
>>
>> Reading between the lines on the term "best effort" I think that the concern
>> is that the timers don't provide a reliable technique to prevent the ghost
>> write data corruption issue that was discussed at LSF last year.
> 
> Unless the controller is able to reliably upper bound its abort operation of 
> all inflight commands I can't see how this is 100% reliable. Which will likely 
> mean that a healthy margin is taken such that it will not break in practice.

Thanks Sagi - I get this view. If an NVM Subsystem takes that approach then 
the timers will be best effort; though that approach isn't technically spec 
compliant.

The implementation of CQT could be an area where there is a difference in what
is specified and what is implemented (or implementable).  The requirement is
that the controller "shall" stop command processing and clean up within the
time reported as CQT but I know of systems that have corner cases where
stopping processing and cleaning up can take a very long time. In those cases 
the storage system vendor ideally would implement some sort of processing 
barrier but even that can be hard. Some vendors may choose to do exactly what
you say and pick a healthy margin such that it is highly unlikely to break in
practice.

Vendors will always have the option to implement a design that they feel is
"close enough". Sometimes I forget that, even though I've done that myself.
Thanks for the reminder.

Curtis
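The timing hazard this exchange turns on can be made concrete with a small simulation. The block below is an added example, not code from the thread or from any NVMe host or controller implementation: it models a controller that advertises one CQT value but actually needs longer to abort in-flight commands, and a host that waits some interval after declaring the link lost (KATO expiry) before re-issuing a write on a fresh path. My reading of the "ghost write" problem as a stale pre-loss write landing after the host's recovery write is an assumption, and all timing values and LBAs are constructed.

```python
"""Toy model of the KATO / CQT recovery window (added example, not from the thread)."""
from dataclasses import dataclass, field


@dataclass
class InflightWrite:
    lba: int
    data: bytes
    lands_at_ms: int  # when the controller would commit it if nothing stops it


@dataclass
class Controller:
    advertised_cqt_ms: int   # the CQT value the controller reports to the host
    actual_quiesce_ms: int   # how long it really takes to stop processing and clean up
    inflight: list = field(default_factory=list)

    def writes_that_land(self, link_lost_at_ms):
        # A spec-compliant controller has actual_quiesce_ms <= advertised_cqt_ms.
        # A "best effort" one may keep committing commands past the advertised CQT,
        # so anything scheduled before the real cutoff still reaches media.
        cutoff = link_lost_at_ms + self.actual_quiesce_ms
        return [w for w in self.inflight if w.lands_at_ms < cutoff]


def simulate(controller, link_lost_at_ms, host_wait_ms, recovery_write):
    """Host declares the link lost at link_lost_at_ms, waits host_wait_ms, then
    issues recovery_write on a new path. Returns (final media map, stale writes
    that overwrote the recovery write, i.e. ghost writes)."""
    media = {}
    reissue_at = link_lost_at_ms + host_wait_ms
    events = [(w.lands_at_ms, 1, w) for w in controller.writes_that_land(link_lost_at_ms)]
    events.append((reissue_at, 0, recovery_write))  # recovery sorts first on a tie
    ghosts = []
    for t, _, w in sorted(events, key=lambda e: (e[0], e[1])):
        media[w.lba] = w.data
        if w is not recovery_write and t >= reissue_at and w.lba == recovery_write.lba:
            ghosts.append(w)
    return media, ghosts


def scenario(actual_quiesce_ms, host_wait_ms):
    # Constructed scenario: link lost at t=1000ms, controller advertises CQT=200ms,
    # one stale write to LBA 7 is still queued and would commit at t=1400ms.
    ctrl = Controller(advertised_cqt_ms=200, actual_quiesce_ms=actual_quiesce_ms)
    ctrl.inflight.append(InflightWrite(lba=7, data=b"stale", lands_at_ms=1400))
    recovery = InflightWrite(lba=7, data=b"fresh", lands_at_ms=0)
    media, ghosts = simulate(ctrl, 1000, host_wait_ms, recovery)
    return media[7], len(ghosts)


if __name__ == "__main__":
    # Controller honours its CQT: waiting exactly CQT is enough.
    print(scenario(actual_quiesce_ms=200, host_wait_ms=200))
    # Controller overruns its CQT, host trusts the advertised value: ghost write.
    print(scenario(actual_quiesce_ms=500, host_wait_ms=200))
    # Same overrunning controller, host adds a healthy margin: no ghost write.
    print(scenario(actual_quiesce_ms=500, host_wait_ms=600))
```

The three calls in the `__main__` block map onto the thread: a controller that really quiesces within its advertised CQT is safe with no margin, one that overruns it corrupts data when the host waits only the advertised time, and a margin large enough to cover the real abort time hides the problem in practice without the controller being compliant.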

