From: Steven Dake <sdake@mvista.com>
To: Oliver Neukum <oliver@neukum.name>
Cc: Luben Tuikov <luben@splentec.com>,
Alan Stern <stern@rowland.harvard.edu>,
David Brownell <david-b@pacbell.net>,
Matthew Dharm <mdharm-scsi@one-eyed-alien.net>,
Mike Anderson <andmike@us.ibm.com>, Greg KH <greg@kroah.com>,
linux-usb-devel@lists.sourceforge.net,
Linux SCSI list <linux-scsi@vger.kernel.org>
Subject: A different look at block device hotswap in the Linux kernel
Date: Thu, 23 Jan 2003 13:41:51 -0700 [thread overview]
Message-ID: <3E30538F.4080507@mvista.com> (raw)
In-Reply-To: <200301231919.40422.oliver@neukum.name>
Oliver and others,
In regards to hotswap, any real operating system should be _told_ that a
block device is going to be removed from the top. There are several
reasons.
1) File mounts should be removed from the filesystem layer
2) files accessing block devices directly should be terminated
3) raid members using that block device should be hot removed
4) I'm sure you can think of others :)
The key is that the removal request should come from the top, not the
bottom. If someone is stupid enough to surprise remove a device (ie:
unplug their USB SCSI device while the device is in use by the OS), they
get what they deserve (I/O errors, dirty OS data, queued up requests
which never shut down). If they tell the OS that the device is going to
be removed, so it may flush the device and shut down I/O to the device,
the request should be granted on all accounts (expected removal).
The device driver should not be responsible for managing hotswap in any
regard. Its only purpose should be to tell the block device removal
layer that a surprise extraction was initiated such that the block
device removal code can ask the mid layer drivers to shut down error
correction routines to the device and dump its pending I/O queue and
clean up after the device. The main advantage of this technique is
simplicity (the LLDD's don't have to have repetative logic for each
device driver), genericity (the block device removal code can be
maintained in one place and be guaranteed to ensure the OS is in a
stable state after a device is removed either surprise or expected and
finally it solves the in-flight I/O problem by stopping new I/O to the
device, shutting down I/O to the device, flushing the pending I/O
queues, and killing all references in the OS of the device.
If you think about what your suggesting, your suggesting that the LLDD
tells the scsi layer that the device is gone, that then times out errors
and leaves the filesystem and sys_open/close file tables, and RAID
layers in a state of disarray. We don't want the LLDD knowing about the
RAID system and whether it should tell the RAID layer to hot remove, do we?
I've developed code to do exactly what I have described here (surprise
and expected extractions genericized into one file with one simple call
from userland and a method for lower layers to indicate a surprise
extraction if they have detected one. I'll post as soon as I have time
to make a patch against 2.5 .
Thanks
-steve
Oliver Neukum wrote:
>Am Donnerstag, 23. Januar 2003 18:46 schrieb Luben Tuikov:
>
>
>>Oliver Neukum wrote:
>>
>>
>>>Not all the world is a SAN. USB has no possibility to even try an
>>>interaction after the device is gone. We have to handle this flexibly.
>>>
>>>
>>Thus the example in the original post. I.e. for simple transports whose
>>portals get notified when a device is plugged off (USB), the LLDD
>>can notify SCSI Core, by setting a state variable in scsi_device.
>>In which case SCSI Core can answer with the proper TARGET error code.
>>(This was outlined before, scsi_command->online:1 ...)
>>
>>
>
>Very well, so you agree that the SCSI layer should export to the LLDD
>a function to set devices offline?
>
>
>
>>>In fact, if a device
>>>can vanish without a LLDD knowing about it, this is purely a problem of
>>>the SCSI layer.
>>>
>>>
>>No, of course not. (Think of IP.) When a device vanishes and LLDD doesn't
>>know about it (more complicated transports), the CDB will return with
>>the proper Service Response, since the transport(s) won't be able to
>>deliver it. This will bubble up through SCSI Core and the error returned
>>will have to be the same as that of the simpler transports, as outlined
>>above.
>>
>>
>
>Yes, sorry. To be precise, this means that the LLDD has to do nothing
>special, as it has to implement checking for a failing command anyway.
>But it's not entirely the same. If a command cannot be delivered it may or may
>not be appropriate to start error recovery. After the LLDD has told
>the SCSI layer that it has noticed a device going away, there must be no
>error recovery.
>
>
>
>>>That means that we have to have a way to ensure that no more commands
>>>will reach the LLDD which can be triggered without any commands to be
>>>executed at all. This functionality has to come from the scsi mid layer.
>>>
>>>
>>For simple transports yes; for more complicated ones, the CDB will
>>not be able to be delivered, and will return with error.
>>
>>
>
>Good.
>So the first thing a LLDD has to do after it has learned about a device
>being removed is to have the device block.
>1. set device offline
>But commands may still be in flight.IMHO it is not right to assume that
>all commands now in flight to a device have failed, as some may have
>completed successfully in time, or failed for other reasons than unplugging.
>So it should be the LLDD's responsibility to finish the outstanding commands.
>Furthermore, there's a window for commands already having passed the check
>for offline but not yet being noticed by the LLDD. The simplest solution is to
>use a waiting primitive from RCU. So we are at:
>
>1. set device offline
>2. synchronize the kernel
>3. finish all pending commands
>
>So far with me?
>The LLDD could now forget about the device and be done with it.
>However there's a problem left. The device may come back.
>What happens if a device with the same ID is reconnected?
>
> Regards
> Oliver
>
>-
>To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
>the body of a message to majordomo@vger.kernel.org
>More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>
>
>
>
next prev parent reply other threads:[~2003-01-23 20:41 UTC|newest]
Thread overview: 106+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <10426732153816@kroah.com>
[not found] ` <10426732212871@kroah.com>
[not found] ` <20030116093112.B29001@one-eyed-alien.net>
[not found] ` <20030116173539.GA31235@kroah.com>
2003-01-16 19:43 ` [linux-usb-devel] Re: [PATCH] USB changes for 2.5.58 Matthew Dharm
2003-01-16 19:53 ` Greg KH
[not found] ` <20030116195306.GA32697@kroah.com>
2003-01-16 20:10 ` Linus Torvalds
2003-01-16 20:43 ` greg kh
2003-01-16 21:41 ` Linus Torvalds
2003-01-16 22:51 ` Matthew Dharm
2003-01-16 20:40 ` David Brownell
2003-01-16 20:48 ` Mike Anderson
2003-01-16 23:43 ` Oliver Neukum
2003-01-17 8:50 ` Mike Anderson
2003-01-17 10:55 ` Oliver Neukum
2003-01-17 15:06 ` Alan Stern
2003-01-17 18:54 ` Matthew Dharm
2003-01-17 20:25 ` Mike Anderson
2003-01-17 22:07 ` Oliver Neukum
2003-01-17 20:26 ` [linux-usb-devel] " Oliver Neukum
2003-01-17 20:49 ` Mike Anderson
2003-01-20 17:36 ` Luben Tuikov
2003-01-20 18:23 ` Oliver Neukum
2003-01-20 18:56 ` Luben Tuikov
2003-01-20 19:10 ` [linux-usb-devel] " Oliver Neukum
2003-01-20 19:50 ` David Brownell
2003-01-21 3:31 ` Alan
2003-01-21 7:17 ` Oliver Neukum
2003-01-21 11:57 ` [linux-usb-devel] " Douglas Gilbert
2003-01-21 13:48 ` Oliver Neukum
2003-01-21 18:22 ` Luben Tuikov
2003-01-21 13:30 ` James Bottomley
2003-01-20 20:08 ` David Brownell
2003-01-20 20:48 ` [linux-usb-devel] " Oliver Neukum
2003-01-20 21:24 ` David Brownell
2003-01-20 21:51 ` [linux-usb-devel] " Oliver Neukum
2003-01-20 22:26 ` David Brownell
2003-01-20 23:00 ` Oliver Neukum
2003-01-21 0:44 ` David Brownell
2003-01-21 0:50 ` Oliver Neukum
2003-01-21 18:16 ` Luben Tuikov
2003-01-21 19:00 ` Oliver Neukum
2003-01-21 20:02 ` [linux-usb-devel] " Luben Tuikov
2003-01-21 21:02 ` Alan Stern
2003-01-22 21:50 ` Luben Tuikov
2003-01-22 22:46 ` Oliver Neukum
2003-01-23 17:46 ` Luben Tuikov
2003-01-23 18:19 ` Oliver Neukum
2003-01-23 19:07 ` Luben Tuikov
2003-01-23 19:40 ` Oliver Neukum
2003-01-23 20:28 ` Doug Ledford
2003-01-23 20:59 ` Oliver Neukum
2003-01-23 21:34 ` Doug Ledford
2003-01-23 22:39 ` Oliver Neukum
2003-01-23 23:23 ` Doug Ledford
2003-01-23 23:25 ` Matthew Dharm
2003-01-24 15:34 ` Alan Stern
2003-01-24 16:06 ` Oliver Neukum
2003-01-24 17:58 ` [linux-usb-devel] " Doug Ledford
2003-01-24 19:00 ` Luben Tuikov
2003-01-24 22:23 ` Oliver.Neukum
2003-01-24 19:10 ` Luben Tuikov
2003-01-24 19:56 ` [linux-usb-devel] " Alan Stern
2003-01-24 20:11 ` Luben Tuikov
2003-01-24 21:09 ` Luben Tuikov
2003-01-24 21:55 ` Alan Stern
2003-01-24 22:03 ` Luben Tuikov
2003-01-24 23:21 ` Mike Anderson
2003-01-24 21:48 ` Doug Ledford
2003-01-24 22:59 ` Mike Anderson
2003-01-24 23:17 ` [linux-usb-devel] " Doug Ledford
2003-01-25 0:24 ` Luben Tuikov
2003-01-25 1:35 ` Mike Anderson
2003-01-24 23:25 ` Matthew Dharm
2003-01-25 0:05 ` Doug Ledford
2003-01-25 0:45 ` Matthew Dharm
2003-01-25 1:07 ` Doug Ledford
2003-02-02 18:13 ` Matthew Dharm
2003-02-02 20:06 ` Matthew Dharm
2003-02-03 17:17 ` Mike Anderson
2003-02-16 21:18 ` Matthew Dharm
2003-02-17 19:37 ` Mike Anderson
2003-02-17 19:51 ` Patrick Mansfield
2003-02-23 7:48 ` Matthew Dharm
2003-02-26 23:37 ` Mike Anderson
2003-02-27 1:10 ` Matthew Dharm
2003-02-27 6:37 ` Mike Anderson
2003-02-27 19:32 ` Matthew Dharm
2003-03-01 1:41 ` Matthew Dharm
2003-02-02 3:49 ` Matthew Dharm
2003-01-25 1:24 ` Luben Tuikov
2003-01-24 0:15 ` Patrick Mansfield
2003-01-24 8:33 ` David Brownell
2003-01-23 20:41 ` Steven Dake [this message]
2003-01-23 21:07 ` A different look at block device hotswap in the Linux kernel Matthew Jacob
2003-01-23 21:06 ` Steven Dake
2003-01-23 21:16 ` Matthew Jacob
2003-01-24 0:07 ` Oliver Neukum
2003-01-24 0:21 ` Matthew Jacob
2003-01-24 7:53 ` David Brownell
2003-01-24 15:26 ` Matthew Jacob
2003-01-24 0:54 ` Steven Dake
2003-01-24 2:35 ` [linux-usb-devel] " Matthew Dharm
2003-01-22 21:30 ` [linux-usb-devel] Re: [PATCH] USB changes for 2.5.58 David Brownell
2003-01-20 22:16 ` Luben Tuikov
2003-01-20 22:51 ` David Brownell
2003-01-20 23:27 ` Oliver Neukum
2003-01-24 16:36 A different look at block device hotswap in the Linux kernel Cress, Andrew R
2003-01-24 18:01 ` Bryan Henderson
2003-01-24 18:09 ` Matthew Jacob
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3E30538F.4080507@mvista.com \
--to=sdake@mvista.com \
--cc=andmike@us.ibm.com \
--cc=david-b@pacbell.net \
--cc=greg@kroah.com \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-usb-devel@lists.sourceforge.net \
--cc=luben@splentec.com \
--cc=mdharm-scsi@one-eyed-alien.net \
--cc=oliver@neukum.name \
--cc=stern@rowland.harvard.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox