Message-ID: <20250926233642.268514-1-sushrut@arista.com>
Date: Fri, 26 Sep 2025 23:36:42 +0000
From: sushrut <sushrut@...sta.com>
To: James.Bottomley@...senPartnership.com,
	martin.petersen@...cle.com
Cc: linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Sushrut Shirole <sushrut@...sta.com>
Subject: [PATCH] scsi: sd: Add sd_stop_on_restart parameter for restart device shutdown

From: Sushrut Shirole <sushrut@...sta.com>

Currently, sd_shutdown() skips calling sd_start_stop_device() during
system restart (SYSTEM_RESTART) to avoid delays during reboot, under
the assumption that storage devices will maintain power and don't need
to be explicitly stopped.

However, this assumption doesn't hold for all system designs. Unlike
traditional servers that can maintain storage power during restart,
some enterprise network equipment, embedded systems, and specialized
hardware use centralized power management that immediately cuts power
to all components during restart. This can result in:

- Filesystem corruption due to incomplete writes
- SSD firmware corruption during metadata update operations,
  potentially leading to unrecoverable device failure
- Elevated SMART error counters (e.g., Unexpected_Power_Loss_Ct)
- Potential data loss in systems without proper power-fail protection

While the kernel provides manage_shutdown and manage_runtime_start_stop
flags for fine-grained control in other scenarios, there's currently no
mechanism to ensure proper device shutdown during restart for systems
that require it.

Add a module parameter 'sd_stop_on_restart' (default: false) to allow
administrators to enable device stop operations during system restart.
This maintains backward compatibility while providing the flexibility
needed for diverse hardware configurations.

The parameter follows established patterns in other SCSI drivers
(e.g., smartpqi's disable_ctrl_shutdown) and provides a clean
administrative interface via /sys/module/sd_mod/parameters/.

Signed-off-by: Sushrut Shirole <sushrut@...sta.com>
---
 drivers/scsi/sd.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 5b8668accf8e..d280b395026d 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -116,6 +116,10 @@ static DEFINE_IDA(sd_index_ida);
 static mempool_t *sd_page_pool;
 static struct lock_class_key sd_bio_compl_lkclass;
 
+static bool sd_stop_on_restart;
+module_param(sd_stop_on_restart, bool, 0644);
+MODULE_PARM_DESC(sd_stop_on_restart, "Issue STOP UNIT command on system restart (default: false)");
+
 static const char *sd_cache_types[] = {
 	"write through", "none", "write back",
 	"write back, no read (daft)"
@@ -4172,6 +4176,9 @@ static void sd_shutdown(struct device *dev)
 
 	if ((system_state != SYSTEM_RESTART &&
 	     sdkp->device->manage_system_start_stop) ||
+	    (system_state == SYSTEM_RESTART &&
+	     sdkp->device->manage_system_start_stop &&
+	     sd_stop_on_restart) ||
 	    (system_state == SYSTEM_POWER_OFF &&
 	     sdkp->device->manage_shutdown) ||
 	    (system_state == SYSTEM_RUNNING &&
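Review bot: the added SYSTEM_RESTART clause is gated on manage_system_start_stop only, so a device that sets manage_shutdown without manage_system_start_stop still receives no STOP UNIT on restart even when sd_stop_on_restart is enabled. Please confirm that is intended for the power-cut-on-restart platforms described in the commit message, and either cover manage_shutdown in the restart case or state the limitation in the parameter description. The first clause and the new one can also be folded into a single test, sdkp->device->manage_system_start_stop && (system_state != SYSTEM_RESTART || sd_stop_on_restart), which reads more clearly than two clauses that differ only in the state comparison.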
-- 
2.51.0

