Message-ID: <cb868bc8-ded2-4635-afbb-098f378f74db@suse.de>
Date: Thu, 17 Apr 2025 09:28:18 +0200
From: Hannes Reinecke <hare@...e.de>
To: Mohamed Khalfella <mkhalfella@...estorage.com>,
Sagi Grimberg <sagi@...mberg.me>
Cc: Daniel Wagner <dwagner@...e.de>, Daniel Wagner <wagi@...nel.org>,
Christoph Hellwig <hch@....de>, Keith Busch <kbusch@...nel.org>,
John Meneghini <jmeneghi@...hat.com>, randyj@...estorage.com,
linux-nvme@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC 3/3] nvme: delay failover by command quiesce timeout

On 4/17/25 00:59, Mohamed Khalfella wrote:
> On 2025-04-17 01:21:08 +0300, Sagi Grimberg wrote:
>>
>>
>> On 16/04/2025 16:53, Mohamed Khalfella wrote:
>>> On 2025-04-16 10:30:11 +0200, Daniel Wagner wrote:
>>>> On Tue, Apr 15, 2025 at 05:40:16PM -0700, Mohamed Khalfella wrote:
>>>>> On 2025-04-15 14:17:48 +0200, Daniel Wagner wrote:
>>>>>> Passthrough commands should fail immediately. Userland is in charge here,
>>>>>> not the kernel. At least this is what should happen here.
>>>>> I see your point. Unless I am missing something these requests should be
>>>>> held equally to bio requests from multipath layer. Let us say app
>>>>> submitted a write request that got canceled immediately, how does the app
>>>>> know when it is safe to retry the write request?
>>>> Good question, but nothing new as far as I can tell. If the kernel doesn't
>>>> start to retry passthru IO commands, we have to figure out how to pass
>>>> additional information to the userland.
>>>>
>>> nvme multipath does not retry passthru commands. That said, there is
>>> nothing preventing userspace from retrying a canceled command immediately,
>>> resulting in the unwanted behavior these very patches try to address.
>>
>> userspace can read the controller cqt and implement the retry logic on
>> its own.
>> If it doesn't/can't, it should use normal fs io. the driver does not
>> handle passthru retries.
>
> passthru requests are not very different from normal IO. If the driver
> holds normal IO requests to prevent corruption, it should hold passthru
> requests too, for the same reason, no?
>
> IMO, keeping the request holding logic in the driver makes more sense
> than implementing it in userspace. One reason is that CCR can help
> release held requests faster.
>
One thing to keep in mind: We cannot hold requests during controller
reset. Requests are an index into a statically allocated array from
the request queue, which gets deleted when the request queue is
removed during controller teardown.

So I _really_ would like to exclude handling of admin and passthrough
commands for now, as there are extremely few commands which are not
idempotent. If we really care we can just error them out upon submission
until error recovery is done.

But I'm not sure if it's worth the hassle; at this time we don't even
handle admin commands correctly (admin commands should not be affected
by the ANA status, yet they are).

Cheers,

Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@...e.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich