[systemd-devel] [dm-devel] RFC: one more time: SCSI device identification
Ewan D. Milne
emilne at redhat.com
Fri Apr 30 23:44:48 UTC 2021
On Wed, 2021-04-28 at 10:09 +1000, Erwin van Londen wrote:
>
> On Tue, 2021-04-27 at 16:41 -0400, Ewan D. Milne wrote:
> > On Tue, 2021-04-27 at 20:33 +0000, Martin Wilck wrote:
> > > On Tue, 2021-04-27 at 16:14 -0400, Ewan D. Milne wrote:
> > > > There's no way to do that, in principle. Because there could
> > > > be
> > > > other I/Os in flight. You might (somehow) avoid retrying an
> > > > I/O
> > > > that got a UA until you figured out if something changed, but
> > > > other
> > > > I/Os can already have been sent to the target, or issued before
> > > > you
> > > > get to look at the status.
>
> If something happens on a storage side where a lun gets it's
> attributes changed (any, doesn't matter which one) a UA should be
> sent. Also all outstanding IO's on that lun should be returning an
> Abort as it can no longer warrant the validity of any IO due to these
> changes. Especially when parameters are involved like reservations
> (PR's) etc. If that does not happen from an array side all bets are
> off as the only way to be able to get back in business is to start
> from scratch.
Perhaps an array might abort I/Os it has received in the Device Server
whensomething changes. I have no idea if most or any arrays actually
do that.
But, what about I/O that has already been queued from the host to
thehost bus adapter? I don't see how we can abort those I/Os
properly.Most high-performance HBAs have a queue of commands and a
queueof responses, there could be lots of commands queued before
wemanage to notice an interesting status. And AFAIK there is no
conditionalmechanism that could hold them off (and, they could be in-
flight on thewire anyway).
I get what you are saying about what SAM describes, I just don't see
howwe can guarantee we don't send any further commands after the
statuswith the UA is sent back, before we can understand what happened.
-Ewan
> > >
> > > Right. But in practice, a WWID change will hardly happen under
> > > full
> > > IO
> > > load. The storage side will probably have to block IO while this
> > > happens, at least for a short time period. So blocking and
> > > quiescing
> > > the queue upon an UA might still work, most of the time. Even if
> > > we
> > > were too late already, the sooner we stop the queue, the better.
>
> I think in most cases when something happens on an array side you
> will see IO's being aborted. That might be a good time to start doing
> TUR's and if these come back OK do a new inquiry. From a host side
> there is only so much you can do.
>
> > > The current algorithm in multipath-tools needs to detect a path
> > > going
> > > down and being reinstated. The time interval during which a WWID
> > > change
> > > will go unnoticed is one or more path checker intervals,
> > > typically on
> > > the order of 5-30 seconds. If we could decrease this interval to
> > > a
> > > sub-
> > > second or even millisecond range by blocking the queue in the
> > > kernel
> > > quickly, we'd have made a big step forward.
> >
> > Yes, and in many situations this may help. But in the general case
> > we can't protect against a storage array misconfiguration,
> > where something like this can happen. So I worry about people
> > believing the host software will protect them against a mistake,
> > when we can't really do that.
>
> My thought exactly.
>
> > All it takes is one I/O (a discard) to make a thorough mess of the
> > LUN.
> >
> > -Ewan
> >
> > > Regards
> > > Martin
> > >
> >
> > --
> > dm-devel mailing list
> > dm-devel at redhat.com
> > https://listman.redhat.com/mailman/listinfo/dm-devel
> >
>
> --dm-devel mailing listdm-devel at redhat.com
> https://listman.redhat.com/mailman/listinfo/dm-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210430/85ba7c18/attachment.htm>
More information about the systemd-devel
mailing list