From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 602A63A1DB for ; Sun, 12 Jul 2026 02:25:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.170 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783823118; cv=none; b=rcDHZDltsfOq2Wm2lCSm+0RJe2d1x5/xzTzAattRsU4ITIrCIMeslWZy0DXBerjJsPs6MDr7njFjGCEpiklZhQwRv5aemPOrkknJ+QG9Xjz8o59ZffVEZR0t1lf1qkPI4xE/oGPvviTMIPniyjZLeyySVAG3osWScovD0rBkAgs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783823118; c=relaxed/simple; bh=6GjGe02tejF7WL77Vy6XVsMEcMWdSEI9CKYLMYAL/Hs=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=qel4LoYKFYyYZAue7pOf9+A1rcp93AxK7HGLUhfwE9pWOb493Afz9Zx+WWFXQUB3neygLY+6pguXcjyhXF3r61CFAdceZZ6FESPhiQklshQ8zlRpKMlqDWosBNZsB5sYJ2sLEZNYB9WBGOaJfDySQotB17yCQLTEE1lzs3XZgpQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=purestorage.com; spf=pass smtp.mailfrom=purestorage.com; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b=YjOFZWpu; arc=none smtp.client-ip=209.85.214.170 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=purestorage.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=purestorage.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b="YjOFZWpu" Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2cacb8416a1so17903115ad.1 for ; Sat, 11 Jul 2026 19:25:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purestorage.com; s=google2022; t=1783823116; x=1784427916; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to:content-type; bh=33htQlp1eahVTS4hIDwWZa8cpMgaahnmJhYr8QovReE=; b=YjOFZWpu1NUZEzFbT7Kpgngl2LDBMvKA5HF5nJMLD0dgnGEgRDL3qR0lYEYMz3UvKJ 2O8Td4+QpHE6yUakRdfAONgzqqRv9PnPPzqhViUQjXWDSBCIS/u7Fon6oDGjwdRFQ0jk iPvRx6fjiRbUhpWsuYfG1xbzcAO93kHWtnNa4vghpisa3PRPopj88tugsLzOXSuMASgq Wp3TL+ne9s+j+5JcikWzfRVsYiwJapxD1MNbP2craLhUrRu7Qozo+I2x2AjbLUJ8rjMI 7Lb5STzD54QLn9eePJhE3iUIwLxK1b3uY0aE5KIoggRJWBEncTRqgikS7kpQeuh+P/LS xS5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783823116; x=1784427916; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to:content-type; bh=33htQlp1eahVTS4hIDwWZa8cpMgaahnmJhYr8QovReE=; b=oEdH76QYMTkkjdgwY6JCKzUvYej4Yznh8JcXIlVII3NZzMLeLybX67YBX9RrIZaypc XWe7ajgPmqqntrr2RErOZ9Wp2x3EiGtbp51P7iRemmrCuGdS+G0/TuF2CnBGOL7gy0Pd PQW7Hri3j49ggZ37SsE0Ri5355vOcImapMy0vTBm7T1bmc72aQU51dpeCUkz+6CpxdxF lESinkx4S2HNGhvdxshNrTcHyBSEzIW0BlrYWsx2w9nR5H9qpTpwt8hFExBt4/cnzaXc LJ5uYIxgpC90Y2CaBRUJNGEUeRWp0S9njh39xCTQyrlQ5k/9rncGPoBKvRFZeJEIg1/7 gxNQ== X-Forwarded-Encrypted: i=1; AHgh+Roa3S23iwSA9/bJaeoYn9A8FEE0ErXhyIcr7dB5RwgTp5TWGXrsa+AG61Vl7SC7FKFThEuSulYUGDnDYAw=@vger.kernel.org X-Gm-Message-State: AOJu0Yx6A+PcIRFaeXj24BBy3b0KCQOTiClBhKHqUrQvMmhaQ63C1h9o fnlU5j6YXv+YZu6TUhXRX2G/FFi+TOSKVo+4nhhuxJQZZr06PxVe+GWr2Qu0sCIY4+k= X-Gm-Gg: AfdE7cl/8BosMBUw0s1ajy+668hkJJUxxVvpfsvmPFGkZK4muHUyUr3adner8STQyJq 4ty64e3yBXdDV0F3PAYNp20yF5Vnwa6sJX2ECzntoS5FqBQ3s2jWmnvaqLp9u8hRxp8DW2wS9tt M1Ir5a7k3ht8ip0pht/ZILz4CT5Cg8LF6rYrVw2j3npTBKkNoYB1NhbKmXwmFk+3jhXOs6vRAyx nCeaV/UFaKUSQHcEfzRZtDAUCJeWDIVal3J3lhaa11IEsJ3MRCbuE74jwxVUaFRipRxXpt7BBTC iehYkD7dbufoeKJh5kteRBisdhOE3PKFyPY14x90+XWAtpjfVfsuRwGfHiqKsqelcG/fMxMwGFD 5LVbfZSVo1f0X61oZYV15HYHriRsfbv+s6CZPc3FZC5BNI0lYHiPTNafjNSAA/wOCvQIAVcwaVe rODrLa X-Received: by 2002:a05:6a21:9d91:b0:3c0:9c1a:894d with SMTP id adf61e73a8af0-3c110b333a3mr4482408637.69.1783823115450; Sat, 11 Jul 2026 19:25:15 -0700 (PDT) Received: from ceto.lan ([2607:fb90:9c20:2264::1c31]) by smtp.googlemail.com with ESMTPSA id 5a478bee46e88-3117462f5c7sm60704693eec.0.2026.07.11.19.25.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 11 Jul 2026 19:25:14 -0700 (PDT) From: Mohamed Khalfella To: Justin Tee , Naresh Gottumukkala , Paul Ely , Chaitanya Kulkarni , Christoph Hellwig , Jens Axboe , Keith Busch , Sagi Grimberg , James Smart , Hannes Reinecke , Randy Jennings , Dhaval Giani Cc: Aaron Dailey , linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org, Mohamed Khalfella Subject: [PATCH v5 00/16] TP8028 Rapid Path Failure Recovery Date: Sat, 11 Jul 2026 19:23:21 -0700 Message-ID: <20260712022437.3743117-1-mkhalfella@purestorage.com> X-Mailer: git-send-email 2.54.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit This patchset adds support for TP8028 Rapid Path Failure Recovery for both the nvme target and initiator. Rapid Path Failure Recovery brings Cross-Controller Reset (CCR) functionality to nvme. This allows an nvme host to send an nvme command to a source nvme controller to reset the impacted nvme controller, provided that both source and impacted controllers are in the same nvme subsystem. The main use of CCR is when one path to the nvme subsystem fails. Inflight IOs on the impacted nvme controller need to be terminated first before they can be retried on another path. Otherwise, data corruption may happen. CCR provides a quick way to terminate these IOs on the unreachable nvme controller, allowing recovery to move quickly and avoid unnecessary delays. In case CCR is not possible, inflight requests are held for a duration defined by TP4129 KATO Corrections and Clarifications before they are allowed to be retried. On the target side: * New struct members have been added to support CCR. struct nvme_id_ctrl has been updated with CIU (Controller Instance Uniquifier), CIRN (Controller Instance Random Number), and CQT (Command Quiesce Time). The combination of CIU, CNTLID, and CIRN is used to identify the impacted controller in the CCR command. * The CCR nvme command implemented on the target causes the impacted controller to fail and drop its connections to the host. * The CCR log page contains the status of pending CCR requests. An entry is added to the log page after a CCR request is validated. Completed CCR requests are removed from the log page when the controller becomes ready or when requested in the Get Log Page command. * An AEN is sent when a CCR completes to let the host know that it is safe to retry inflight requests. On the host side: * CIU, CIRN, and CQT have been added to struct nvme_ctrl. CIU and CIRN have been added to sysfs to make the values visible to the user. CIU and CIRN can be used to construct and manually send admin-passthru CCR commands. * New controller states FENCING and FENCED have been added to make sure that inflight requests do not get canceled if they time out during the fencing process. FENCED exists so that the controller state machine does not have a transition from FENCING to RESETTING. Instead, FENCING -> FENCED -> RESETTING. This prevents a controller being fenced from getting reset. Only after fencing finishes is the impacted controller reset. * Controller recovery in nvme_fence_ctrl() is invoked when a LIVE controller hits an error or when a request times out. CCR is attempted first to reset the impacted controller. If it fails, inflight requests are held until it is safe to retry them. * Updated the nvme fabric transports nvme-tcp, nvme-rdma, and nvme-fc to use CCR recovery. Ideally, all inflight requests should be held during controller recovery and only retried after recovery is done. However, there are known situations where that is not the case in this implementation. These gaps will be addressed in future patches: * A manual controller reset from sysfs will result in the controller going to the RESETTING state and all inflight requests being canceled immediately, and they may be retried on another path. * A manual controller delete from sysfs will also result in all inflight requests being canceled immediately, and they may be retried on another path. * In nvme-fc, the nvme controller will be deleted if the remote port disappears with no timeout specified. This results in immediate cancellation of requests that may be retried on another path. * In nvme-rdma, if the HCA is removed, all nvme controllers will be deleted. This results in canceling inflight IOs, and they may be retried on another path. Changes from v4: - nvmet: Implement CCR nvme command - Validate transfer length at the start of nvmet_execute_cross_ctrl_reset() - Match the impacted controller on hostnqn in addition to cntlid in nvmet_ctrl_find_get_ccr() - Dropped a stray semicolon after the list_for_each_entry loop - nvmet: Implement CCR logpage - Use kzalloc_obj() instead of kzalloc() - Rename the loop-local status to ccr_status to avoid shadowing - nvme: Rapid Path Failure Recovery read controller identify fields - Store CCRL as a plain u8 ccrl instead of an atomic_t ccr_limit - nvme: Implement cross-controller reset recovery - nvme_fence_ctrl() now returns the remaining wait time again instead of success/failure: 0 on CCR success or on fencing timeout, and the remaining jiffies when no source controller is available, so the caller can fall back to time-based recovery - On a per-path CCR failure, keep trying the remaining paths until the deadline instead of returning immediately - Rework the concurrency accounting to an up-counter ctrl->ccr_used checked against the ccrl limit instead of the ccr_limit countdown atomic. This was reworked because of a potential race condition: sctrl goes through nvme_init_identify(), which sets ctrl->ccr_limit, and then nvme_put_ctrl_ccr() increments it afterward. - Take ctrl->lock before checking state / accounting and use the nvme_ctrl_state() accessor - nvme: Implement cross-controller reset completion - Use kmalloc_obj() instead of kmalloc() - Cap the number of walked log entries at NVMF_CCR_PER_PAGE - nvme-tcp: Use CCR to recover controller that hits an error - nvme-rdma: Use CCR to recover controller that hits an error - nvme-fc: Use CCR to recover controller that hits an error - Adjust to the new nvme_fence_ctrl() return value; log "CCR failed, starting error recovery" instead of the errno - nvme-fc: Do not cancel requests in io target before it is initialized - Dropped from the series; it was applied upstream. - nvmet: Add support for CQT to nvme target - nvme: Add support for CQT to nvme host - Re-added the CQT patches that were dropped in v4. CQT (Command Quiesce Time) is exposed as a target subsystem attribute defaulting to 0 and reported in Identify Controller; the host reads it, exposes it via sysfs, and uses it to bound time-based recovery (fenced_work) in nvme-tcp, nvme-rdma, and nvme-fc when CCR is not possible v4: https://lore.kernel.org/all/20260328004518.1729186-1-mkhalfella@purestorage.com/ Mohamed Khalfella (16): nvmet: Rapid Path Failure Recovery set controller identify fields nvmet/debugfs: Export controller CIU and CIRN via debugfs nvmet: Implement CCR nvme command nvmet: Implement CCR logpage nvmet: Send an AEN on CCR completion nvme: Rapid Path Failure Recovery read controller identify fields nvme: Introduce FENCING and FENCED controller states nvme: Implement cross-controller reset recovery nvme: Implement cross-controller reset completion nvme-tcp: Use CCR to recover controller that hits an error nvme-rdma: Use CCR to recover controller that hits an error nvme-fc: Refactor IO error recovery nvme-fc: Use CCR to recover controller that hits an error nvme-fc: Hold inflight requests while in FENCING state nvmet: Add support for CQT to nvme target nvme: Add support for CQT to nvme host drivers/nvme/host/constants.c | 1 + drivers/nvme/host/core.c | 234 ++++++++++++++++++++++++++++++- drivers/nvme/host/fc.c | 241 +++++++++++++++++++++++--------- drivers/nvme/host/nvme.h | 26 ++++ drivers/nvme/host/rdma.c | 63 ++++++++- drivers/nvme/host/sysfs.c | 27 ++++ drivers/nvme/host/tcp.c | 63 ++++++++- drivers/nvme/target/admin-cmd.c | 126 +++++++++++++++++ drivers/nvme/target/configfs.c | 36 +++++ drivers/nvme/target/core.c | 115 ++++++++++++++- drivers/nvme/target/debugfs.c | 21 +++ drivers/nvme/target/nvmet.h | 20 ++- include/linux/nvme.h | 70 +++++++++- 13 files changed, 968 insertions(+), 75 deletions(-) -- 2.54.0