Re: [PATCH] scsi:Prevent deletion of SCSI block device in use

2016-09-19 Thread James Bottomley
On Mon, 2016-09-19 at 09:11 +, Gurunath, Vasundhara (STSD) wrote:
> James Bottomley  wrote: 
> 
> > > From: "Gurunath, Vasundhara" 
> > > 
> > > SCSI block device can be removed, using write to sysfs delete
> > > file as below:
> > > echo 1 > /sys/block/sdX/device/delete
> > > If the device is in use by applications, or part of system
> > > configuration such as boot device, removal can result in
> > > application disruptions or system down time.
> > > 
> > > An additional write option ? is added to SCSI sysfs interface as 
> > > below, in order to prevent accidental deletion of devices in use.
> > > echo ? > /sys/block/sdX/device/delete
> > > 
> > > In the absence of any usage, this option proceeds with device 
> > > deletion.  If the device is open, deletion is prevented, and
> > > active 
> > > Open and IO counts at the time of deletion are logged. Information
> > > logged during latest delete attempt can be obtained by issuing a
> > > read 
> > > to the delete file as below:
> > > cat  /sys/block/sdX/device/delete
> 
> > OK, so I'm not too keen on this because our entire system is
> > (finally) designed to be hot plug, so echoing 1 to delete simulates
> > a hotplug event, and they can come in at any time.
> 
> > Can you elaborate on why this is necessary?  Right at the moment,
> > only root is allowed to write to this file and cause a deletion ...
> > plus the file is pretty hard to find, buried as it is in sysfs;  So I
> > would have thought it was pretty safe from accidental misuse; why
> > does it need additional protection?
> 
> Some of the requests we got for such checks were from use cases on
> large system configurations with several LUNs.

People ask for a lot of strange stuff, but unpeel this one further and
tell us why they're asking ... what's the use case they're running into
that makes them need something like this?

> The new changes do not disturb existing interfaces. Writes to the
> "delete" sysfs file such as a "1", as advertised in some
> distributions like RedHat today, will continue to delete the LUN.
> However we thought an option to check usages during delete can
> complement existing interfaces. 
>  
> The new changes get activated only when one wants to receive alerts
> on any lingering usages, and writes a "?" to delete the LUN.
> A delete script can write "?" to sysfs delete files in bulk, while
> most LUNs get removed in the first attempt, the usages can be
> investigated if any LUNs remain with active usage counts. 
> 
> Hopefully overhead of these changes is minimal, it is a few additional
> checks on usage counts and the log.
> New changes get active only in delete context and don't get into 
> I/O paths.

But that's effectively "because we can".  We can do a lot of stuff that
adds what you call minimal overhead (although the cumulative addition
would be significant), so the rule is we do stuff which is necessary or
useful, which is why the question about use cases.

James


--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[PATCH] scsi:Prevent deletion of SCSI block device in use

2016-09-19 Thread Gurunath, Vasundhara (STSD)

James Bottomley  wrote: 

>> From: "Gurunath, Vasundhara" 
>>
>> SCSI block device can be removed, using write to sysfs delete file as
>> below:
>> echo 1 > /sys/block/sdX/device/delete
>> If the device is in use by applications, or part of system
>> configuration such as boot device, removal can result in application
>> disruptions or system down time.
>>
>> An additional write option ? is added to SCSI sysfs interface as 
>> below, in order to prevent accidental deletion of devices in use.
>> echo ? > /sys/block/sdX/device/delete
>>
>> In the absence of any usage, this option proceeds with device 
>> deletion.  If the device is open, deletion is prevented, and active 
>> Open and IO counts at the time of deletion are logged. Information 
>> logged during latest delete attempt can be obtained by issuing a read 
>> to the delete file as below:
>> cat  /sys/block/sdX/device/delete

>OK, so I'm not too keen on this because our entire system is (finally) 
>designed to be hot plug, so echoing 1 to delete simulates a hotplug event, and 
>they can come in at any time.

>Can you elaborate on why this is necessary?  Right at the moment, only 
>root is allowed to write to this file and cause a deletion ... plus the file 
>is pretty hard to find, buried as it is in sysfs;  So I would have thought it 
>was pretty safe from accidental misuse; why does it need additional protection?

Some of the requests we got for such checks were from use cases on large system 
configurations with several LUNs.
The new changes do not disturb existing interfaces. Writes to the "delete" 
sysfs file such as a "1", as advertised in some distributions like RedHat 
today, will continue to delete the LUN. However we thought an option to check 
usages during delete can complement existing interfaces. 
 
The new changes get activated only when one wants to receive alerts on any 
lingering usages, and writes a "?" to delete the LUN.
A delete script can write "?" to sysfs delete files in bulk, while most LUNs 
get removed in the first attempt, the usages can be investigated if any LUNs 
remain with active usage counts. 

Hopefully overhead of these changes is minimal, it is a few additional checks on 
usage counts and the log.
New changes get active only in delete context and don't get into I/O paths.

-Vasundhara
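
The bulk delete workflow described in this message can be approximated from user space with interfaces the kernel already exposes (the holders/ directories in sysfs, /proc/mounts and /proc/swaps). This is an added example, not code from the thread or the patch, and it does not use the proposed "?" option; the function names and the ROOT path prefix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): user-space in-use check before writing
# to the existing sysfs delete file. ROOT is a hypothetical path prefix so the
# functions can run against a constructed tree; pass "" on a real host.

# Print one line per sign that DEV (e.g. sdb) is in use; print nothing if idle.
lun_usage() {
    root=$1 dev=$2
    blk="$root/sys/block/$dev"

    # Stacked users (device-mapper, md) are listed under holders/, for the
    # whole disk and for each partition directory.
    for h in "$blk"/holders/* "$blk"/"$dev"*/holders/*; do
        [ -e "$h" ] && echo "holder: ${h##*/}"
    done

    # Mounted filesystems and active swap on the disk or its partitions.
    for tab in mounts swaps; do
        [ -r "$root/proc/$tab" ] || continue
        awk -v d="/dev/$dev" -v t="$tab" \
            '$1 == d || $1 ~ ("^" d "[0-9]+$") { print t ": " $1 }' \
            "$root/proc/$tab"
    done
    return 0
}

# Write "1" to the delete file only when lun_usage found nothing.
# Returns 0 after the write, 1 when the device looks busy.
safe_delete() {
    root=$1 dev=$2
    reasons=$(lun_usage "$root" "$dev")
    if [ -n "$reasons" ]; then
        printf '%s: in use, not deleted\n%s\n' "$dev" "$reasons" >&2
        return 1
    fi
    # Check-then-write is not atomic, and a process holding the raw device
    # open (no mount, no holder) is not visible to these checks.
    echo 1 > "$root/sys/block/$dev/device/delete"
}

# Bulk form: attempt every listed device and print the ones left behind.
# The reasons for each refusal go to stderr.
bulk_delete() {
    root=$1
    shift
    for d in "$@"; do
        safe_delete "$root" "$d" || echo "$d"
    done
}
```

On a real host the call would be `bulk_delete "" sdb sdc ...`; the devices it prints are the ones to investigate.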




Re: [PATCH] scsi:Prevent deletion of SCSI block device in use

2016-09-13 Thread Ewan D. Milne
On Tue, 2016-09-13 at 22:08 +0530, Gurunath, Vasundhara wrote:
> From: "Gurunath, Vasundhara" 
> 
> SCSI block device can be removed, using write to sysfs
> delete file as below:
> echo 1 > /sys/block/sdX/device/delete
> If the device is in use by applications, or part of
> system configuration such as boot device, removal can
> result in application disruptions or system down time.
> 
> An additional write option ? is added to SCSI sysfs
> interface as below, in order to prevent accidental
> deletion of devices in use.
> echo ? > /sys/block/sdX/device/delete
> 
> In the absence of any usage, this option proceeds with
> device deletion.  If the device is open, deletion is
> prevented, and active Open and IO counts at the time of
> deletion are logged. Information logged during latest
> delete attempt can be obtained by issuing a read to the
> delete file as below:
> cat  /sys/block/sdX/device/delete
> 

This looks like debugging code added to find some culprit
who deleted a device they weren't supposed to, and make it
more difficult for them.

I don't think we'd want this in normal usage.

-Ewan





Re: [PATCH] scsi:Prevent deletion of SCSI block device in use

2016-09-13 Thread James Bottomley
On Tue, 2016-09-13 at 22:08 +0530, Gurunath, Vasundhara wrote:
> From: "Gurunath, Vasundhara" 
> 
> SCSI block device can be removed, using write to sysfs
> delete file as below:
> echo 1 > /sys/block/sdX/device/delete
> If the device is in use by applications, or part of
> system configuration such as boot device, removal can
> result in application disruptions or system down time.
> 
> An additional write option ? is added to SCSI sysfs
> interface as below, in order to prevent accidental
> deletion of devices in use.
> echo ? > /sys/block/sdX/device/delete
> 
> In the absence of any usage, this option proceeds with
> device deletion.  If the device is open, deletion is
> prevented, and active Open and IO counts at the time of
> deletion are logged. Information logged during latest
> delete attempt can be obtained by issuing a read to the
> delete file as below:
> cat  /sys/block/sdX/device/delete

OK, so I'm not too keen on this because our entire system is (finally)
designed to be hot plug, so echoing 1 to delete simulates a hotplug
event, and they can come in at any time.

Can you elaborate on why this is necessary?  Right at the moment, only
root is allowed to write to this file and cause a deletion ... plus the
file is pretty hard to find, buried as it is in sysfs; So I would have
thought it was pretty safe from accidental misuse; why does it need
additional protection?

James




[PATCH] scsi:Prevent deletion of SCSI block device in use

2016-09-13 Thread Gurunath, Vasundhara
From: "Gurunath, Vasundhara" 

SCSI block device can be removed, using write to sysfs
delete file as below:
echo 1 > /sys/block/sdX/device/delete
If the device is in use by applications, or part of
system configuration such as boot device, removal can
result in application disruptions or system down time.

An additional write option ? is added to SCSI sysfs
interface as below, in order to prevent accidental
deletion of devices in use.
echo ? > /sys/block/sdX/device/delete

In the absence of any usage, this option proceeds with
device deletion.  If the device is open, deletion is
prevented, and active Open and IO counts at the time of
deletion are logged. Information logged during latest
delete attempt can be obtained by issuing a read to the
delete file as below:
cat  /sys/block/sdX/device/delete

Signed-off-by: Vasundhara Gurunath 
---
 drivers/scsi/scsi_sysfs.c  | 52 +-
 drivers/scsi/sd.c  |  4 
 include/scsi/scsi_device.h |  2 ++
 3 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 0734927..b0cbfbb 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -12,6 +12,8 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 #include 
 #include 
@@ -457,6 +459,8 @@ static void scsi_device_dev_release_usercontext(struct 
work_struct *work)
kfree(sdev->vpd_pg83);
kfree(sdev->vpd_pg80);
kfree(sdev->inquiry);
+   if (sdev->delete_msg_buf != NULL)
+   kfree(sdev->delete_msg_buf);
kfree(sdev);
 
if (parent)
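
Review bot: the NULL test around kfree(sdev->delete_msg_buf) in scsi_device_dev_release_usercontext() is unnecessary, because kfree() accepts a NULL pointer. Call kfree(sdev->delete_msg_buf) unconditionally, matching the kfree() calls for vpd_pg83, vpd_pg80 and inquiry directly above it.
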
@@ -709,11 +713,57 @@ static ssize_t
 sdev_store_delete(struct device *dev, struct device_attribute *attr,
  const char *buf, size_t count)
 {
+   struct scsi_device *sdev = to_scsi_device(dev);
+   struct timeval tv;
+   struct tm tms;
+
+   if (buf[0] == '?')  {
+   if (sdev->usage_count) {
+   /*
+   * Buffer to hold I/O statistics on delete attempt.
+   */
+   if (sdev->delete_msg_buf == NULL) {
+   sdev->delete_msg_buf =
+   kmalloc(128, GFP_KERNEL);
+   memset(sdev->delete_msg_buf, 0, 128);
+   }
+   do_gettimeofday();
+   time_to_tm(tv.tv_sec, 0, );
+   sprintf(sdev->delete_msg_buf,
+   "Last delete attempt: %d:%d:%ld %02d:%02d\n"
+   "Open Count : %d\n"
+   "IO Active Count : %d\n"
+   "IO Done Count : %d\n",
+   tms.tm_mday, tms.tm_mon + 1,
+   tms.tm_year + 1900,
+   tms.tm_hour, tms.tm_min,
+   sdev->usage_count,
+   sdev->iorequest_cnt.counter,
+   sdev->iodone_cnt.counter);
+
+   return count;
+   }
+   }
+
+
if (device_remove_file_self(dev, attr))
scsi_remove_device(to_scsi_device(dev));
return count;
 };
-static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete);
+
+static ssize_t sdev_show_delete(struct device *dev,
+   struct device_attribute *attr, char *buf) {
+
+   struct scsi_device *sdev = to_scsi_device(dev);
+
+   if (sdev->delete_msg_buf != NULL)
+   return sprintf(buf, "%s", sdev->delete_msg_buf);
+   else
+   return 0;
+}
+
+static DEVICE_ATTR(delete, S_IRUGO | S_IWUSR,
+   sdev_show_delete, sdev_store_delete);
 
 static ssize_t
 store_state_field(struct device *dev, struct device_attribute *attr,
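
Review bot: in the '?' branch of sdev_store_delete(), the result of kmalloc(128, GFP_KERNEL) is passed straight to memset() with no NULL check, so an allocation failure is dereferenced; use kzalloc() and return -ENOMEM when it fails. The sprintf() into that fixed 128-byte buffer should be scnprintf() with the buffer size, and the counters should be read with atomic_read() instead of through .counter. Nothing serialises the store path rewriting delete_msg_buf against sdev_show_delete() reading it, and testing usage_count and then falling through to removal is a check-then-act sequence that a concurrent open can slip into. Changing the attribute mode from S_IWUSR to S_IRUGO | S_IWUSR also makes the open and I/O counts readable by every user, which the changelog does not motivate; S_IRUSR would keep the file root-only.
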
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index d3e852a..67d3406 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -1235,6 +1235,7 @@ static int sd_open(struct block_device *bdev, fmode_t 
mode)
if (scsi_block_when_processing_errors(sdev))
scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
}
+   sdev->usage_count = sdkp->openers.counter;
 
return 0;
 
@@ -1267,6 +1268,7 @@ static void sd_release(struct gendisk *disk, fmode_t mode)
if (scsi_block_when_processing_errors(sdev))
scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
}
+   sdev->usage_count = sdkp->openers.counter;
 
/*
 * XXX and what if there are packets in flight and this close()
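
Review bot: the line sdev->usage_count = sdkp->openers.counter in sd_release() (and the identical line in the sd_open() hunk) copies an atomic_t into a plain field by reaching into .counter, with no lock visible around the copy, so concurrent open and release calls can leave usage_count stale while sdev_store_delete() trusts it. Read the opener count with atomic_read() at the point of the decision instead of caching it. The XXX comment just below also shows that zero openers does not mean no requests in flight, yet the '?' check gates only on usage_count and merely logs iorequest_cnt and iodone_cnt.
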
@@ -3082,6 +3084,8 @@ static int sd_probe(struct device *dev)
atomic_set(>openers, 0);
atomic_set(>device->ioerr_cnt, 0);
 
+   sdp->usage_count = sdkp->openers.counter;
+
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
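
Review bot: sdp->usage_count = sdkp->openers.counter in sd_probe() always stores 0, since openers is set to 0 by the atomic_set() two lines above; assign 0 directly or drop the line if the field starts out zeroed. The diffstat also shows sd.c as the only driver that maintains usage_count, while the delete attribute in scsi_sysfs.c is shared by all SCSI devices, so for a device bound to another upper-level driver the '?' option sees 0 and deletes it even when it is open. The changelog should state that limitation or the check should live where every driver is covered.
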
  

Re: [PATCH] scsi:Prevent deletion of SCSI block device in use

2016-08-22 Thread kbuild test robot
Hi Vasundhara,

[auto build test WARNING on scsi/for-next]
[also build test WARNING on v4.8-rc3 next-20160822]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]
[Suggest to use git(>=2.9.0) format-patch --base= (or --base=auto for 
convenience) to record what (public, well-known) commit your patch series was 
built on]
[Check https://git-scm.com/docs/git-format-patch for more information]

url:
https://github.com/0day-ci/linux/commits/Vasundhara-Gurunath/scsi-Prevent-deletion-of-SCSI-block-device-in-use/20160819-184126
base:   https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
config: x86_64-randconfig-s2-08191801 (attached as .config)
compiler: gcc-4.4 (Debian 4.4.7-8) 4.4.7
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64 

All warnings (new ones prefixed by >>):

   drivers/scsi/scsi_sysfs.c: In function 'sdev_store_delete':
>> drivers/scsi/scsi_sysfs.c:744: warning: format '%d' expects type 'int', but 
>> argument 5 has type 'long int'

vim +744 drivers/scsi/scsi_sysfs.c

   728  sdev->delete_msg_buf =
   729  kmalloc(128, GFP_KERNEL);
   730  memset(sdev->delete_msg_buf, 0, 128);
   731  }
   732  do_gettimeofday();
   733  time_to_tm(tv.tv_sec, 0, );
   734  sprintf(sdev->delete_msg_buf,
   735  "Last delete attempt: %d:%d:%d 
%02d:%02d\n"
   736  "Open Count : %d\n"
   737  "IO Active Count : %d\n"
   738  "IO Done Count : %d\n",
   739  tms.tm_mday, tms.tm_mon + 1,
   740  tms.tm_year + 1900,
   741  tms.tm_hour, tms.tm_min,
   742  sdev->usage_count,
   743  sdev->iorequest_cnt.counter,
 > 744  sdev->iodone_cnt.counter);
   745  
   746  return count;
   747  }
   748  }
   749  
   750  if (device_remove_file_self(dev, attr))
   751  scsi_remove_device(to_scsi_device(dev));
   752  return count;

---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all   Intel Corporation




[PATCH] scsi:Prevent deletion of SCSI block device in use

2016-08-19 Thread Vasundhara Gurunath
SCSI block device can be removed, using write to sysfs delete file as below:
echo 1 > /sys/block/sdX/device/delete
If the device is in use by applications, or part of system configuration
such as boot device, removal can result in application disruptions or
system down time.

An additional write option ? is added to SCSI sysfs interface as below,
in order to prevent accidental deletion of devices in use.
echo ? > /sys/block/sdX/device/delete

In the absence of any usage, this option proceeds with device deletion.
If the device is open, deletion is prevented, and active Open and IO
counts at the time of deletion are logged. Information logged during latest
delete attempt can be obtained by issuing a read to the delete file as below:
cat  /sys/block/sdX/device/delete

Signed-off-by: Vasundhara Gurunath 
---
 drivers/scsi/scsi_sysfs.c  | 51 +-
 drivers/scsi/sd.c  |  5 -
 include/scsi/scsi_device.h |  2 ++
 3 files changed, 56 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 0734927..716b22a 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -12,6 +12,9 @@
 #include 
 #include 
 #include 
+#include 
+#include 
+
 
 #include 
 #include 
@@ -457,6 +460,9 @@ static void scsi_device_dev_release_usercontext(struct 
work_struct *work)
kfree(sdev->vpd_pg83);
kfree(sdev->vpd_pg80);
kfree(sdev->inquiry);
+   if (sdev->delete_msg_buf != NULL)
+   kfree(sdev->delete_msg_buf);
+
kfree(sdev);
 
if (parent)
@@ -709,11 +715,54 @@ static ssize_t
 sdev_store_delete(struct device *dev, struct device_attribute *attr,
  const char *buf, size_t count)
 {
+   struct scsi_device *sdev = to_scsi_device(dev);
+   struct timeval tv;
+   struct tm tms;
+
+   if (buf[0] == '?')  {
+   if (sdev->usage_count) {
+   /*
+* Buffer to hold I/O statistics on delete attempt.
+*/
+   if (sdev->delete_msg_buf == NULL) {
+   sdev->delete_msg_buf =
+   kmalloc(128, GFP_KERNEL);
+   memset(sdev->delete_msg_buf, 0, 128);
+   }
+   do_gettimeofday();
+   time_to_tm(tv.tv_sec, 0, );
+   sprintf(sdev->delete_msg_buf,
+   "Last delete attempt: %d:%d:%d %02d:%02d\n"
+   "Open Count : %d\n"
+   "IO Active Count : %d\n"
+   "IO Done Count : %d\n",
+   tms.tm_mday, tms.tm_mon + 1,
+   tms.tm_year + 1900,
+   tms.tm_hour, tms.tm_min,
+   sdev->usage_count,
+   sdev->iorequest_cnt.counter,
+   sdev->iodone_cnt.counter);
+
+   return count;
+   }
+   }
+
if (device_remove_file_self(dev, attr))
scsi_remove_device(to_scsi_device(dev));
return count;
 };
-static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete);
+
+static ssize_t sdev_show_delete(struct device *dev,
+   struct device_attribute *attr, char *buf) {
+
+   struct scsi_device *sdev = to_scsi_device(dev);
+   if (sdev->delete_msg_buf != NULL)
+   return sprintf(buf, "%s", sdev->delete_msg_buf);
+   else
+   return 0;
+}
+static DEVICE_ATTR(delete, S_IRUGO | S_IWUSR, sdev_show_delete,
+sdev_store_delete);
 
 static ssize_t
 store_state_field(struct device *dev, struct device_attribute *attr,
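
Review bot: the third conversion in "Last delete attempt: %d:%d:%d %02d:%02d\n" in sdev_store_delete() receives tms.tm_year + 1900, which is a long int, so %d is the wrong specifier; this is the mismatch the kbuild robot reports at scsi_sysfs.c:744 for argument 5, and it needs %ld. In sdev_show_delete(), kernel style puts the opening brace of a function on its own line and a blank line after the local declaration, and the continuation line of DEVICE_ATTR() should be indented to align with the first argument.
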
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index d3e852a..d5cf25c 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -1235,6 +1235,7 @@ static int sd_open(struct block_device *bdev, fmode_t 
mode)
if (scsi_block_when_processing_errors(sdev))
scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT);
}
+   sdev->usage_count = sdkp->openers.counter;
 
return 0;
 
@@ -1267,7 +1268,7 @@ static void sd_release(struct gendisk *disk, fmode_t mode)
if (scsi_block_when_processing_errors(sdev))
scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW);
}
-
+   sdev->usage_count = sdkp->openers.counter;
/*
 * XXX and what if there are packets in flight and this close()
 * XXX is followed by a "rmmod sd_mod"?
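
Review bot: in sd_release() the new sdev->usage_count assignment replaces the blank line that separated the closing brace of the if block from the XXX comment, so the statement now runs directly into the comment. Keep the blank line and add the assignment above it, leaving the surrounding whitespace unchanged.
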
@@ -3082,6 +3083,8 @@ static int sd_probe(struct device *dev)
atomic_set(>openers, 0);
atomic_set(>device->ioerr_cnt, 0);
 
+   sdp->usage_count = sdkp->openers.counter;
+
if (!sdp->request_queue->rq_timeout) {