All of lore.kernel.org
 help / color / mirror / Atom feed
From: hare@suse.de (Hannes Reinecke)
Subject: [PATCH rfc 1/2] nvme: don't remove namespace if revalidate failed because of controller reset
Date: Wed, 31 Jul 2019 14:18:55 +0200	[thread overview]
Message-ID: <993aee4e-9f9e-4af1-07e6-69218a12bc1b@suse.de> (raw)
In-Reply-To: <20190729233201.27993-2-sagi@grimberg.me>

On 7/30/19 1:32 AM, Sagi Grimberg wrote:
> If a controller reset is racing with a namespace revalidation, the
> revalidation I/O will surely fail, but we should not remove the
> namespace as we will execute the I/O when the controller is LIVE again.
> Specifically check if the controller is LIVE because as
> RESETTING/CONNECTING are transient and DELETING/DEAD will eventually
> remove the namespace in the removal code path.
> 
> This fixes sporious I/O errors in path failover coditions where the
> controller reset is racing with the namespace scan work.
> 
> Reported-by: Hannes Reinecke  <hare at suse.de>
> Signed-off-by: Sagi Grimberg <sagi at grimberg.me>
> ---
>  drivers/nvme/host/core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
> index fa31da0762b9..5f6970e7ba73 100644
> --- a/drivers/nvme/host/core.c
> +++ b/drivers/nvme/host/core.c
> @@ -3428,7 +3428,8 @@ static void nvme_validate_ns(struct nvme_ctrl *ctrl, unsigned nsid)
>  
>  	ns = nvme_find_get_ns(ctrl, nsid);
>  	if (ns) {
> -		if (ns->disk && revalidate_disk(ns->disk))
> +		if (ns->disk && revalidate_disk(ns->disk) &&
> +		    ctrl->state != NVME_CTRL_LIVE)
>  			nvme_ns_remove(ns);
>  		nvme_put_ns(ns);
>  	} else
> 
The thing I'm worried about here is concurrency (this was also what
caused my earlier attempts to be rejected).
Thing is, the controller state can be set asynchronously. Which in
itself is protected by ctrl->lock, but here we're not taking the lock at
all. Hence we might be seeing a stale value, causing us to makt the
wrong decision.

I have a patchset checking 'ctrl->state' under lock; will be posting it
later.

And another thing: where's the point in 'revalidate_disk()' to be called
if the controller is not live? At best it won't do anything; at worst
we'll stall if we have to do more than one I/O (the reset cycle will
abort _one_ I/O, but if we have to submit more than one we'll be stuck,
too).

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		   Teamlead Storage & Networking
hare at suse.de			               +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 N?rnberg
GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah
HRB 21284 (AG N?rnberg)

  parent reply	other threads:[~2019-07-31 12:18 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-29 23:31 [PATCH rfc 0/2] nvme controller reset and namespace scan work race conditions Sagi Grimberg
2019-07-29 23:32 ` [PATCH rfc 1/2] nvme: don't remove namespace if revalidate failed because of controller reset Sagi Grimberg
2019-07-30  0:59   ` Keith Busch
2019-07-30  1:04     ` Sagi Grimberg
2019-07-30  1:04   ` Ming Lei
2019-07-30  1:06     ` Sagi Grimberg
2019-07-30  1:10       ` Ming Lei
2019-07-30  1:19         ` Sagi Grimberg
2019-07-30  1:30           ` Ming Lei
2019-07-30  1:40             ` Sagi Grimberg
2019-07-30  2:09               ` Ming Lei
2019-07-30 17:12                 ` Sagi Grimberg
2019-07-30 17:30                   ` Keith Busch
2019-07-30 18:15                     ` Sagi Grimberg
2019-07-31  7:13                       ` Hannes Reinecke
2019-07-31 18:08                         ` Sagi Grimberg
2019-07-31  7:01                     ` Hannes Reinecke
2019-07-31 14:16                       ` Keith Busch
2019-07-31 18:03                       ` Sagi Grimberg
2019-07-31 19:32                         ` Keith Busch
2019-07-31 20:08                           ` Sagi Grimberg
2019-07-31 20:16                             ` Keith Busch
2019-07-31 20:45                               ` Sagi Grimberg
2019-07-31 20:58                                 ` Keith Busch
2019-07-31 21:14                                   ` Sagi Grimberg
2019-07-31 21:54                                     ` Keith Busch
2019-08-01  1:13                                       ` Sagi Grimberg
2019-08-01 14:33                                         ` Keith Busch
2019-08-01 18:52                                           ` Sagi Grimberg
2019-07-31  6:58                   ` Hannes Reinecke
2019-07-31 18:11                     ` Sagi Grimberg
2019-07-31 20:02                       ` Hannes Reinecke
2019-07-31 20:16                         ` Sagi Grimberg
2019-07-31 12:18   ` Hannes Reinecke [this message]
2019-07-31 18:16     ` Sagi Grimberg
2019-07-31 20:04       ` Hannes Reinecke
2019-07-31 20:37         ` Sagi Grimberg
2019-07-29 23:32 ` [PATCH rfc 2/2] nvme: fix possible use-after-free condition when controller reset is racing namespace scanning Sagi Grimberg
2019-07-31 12:23   ` Hannes Reinecke
2019-07-31 18:21     ` Sagi Grimberg
2019-08-01  7:24       ` Hannes Reinecke
2019-08-01 18:46         ` Sagi Grimberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=993aee4e-9f9e-4af1-07e6-69218a12bc1b@suse.de \
    --to=hare@suse.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.