Re: [PATCH] scsi:Prevent deletion of SCSI block device in use
On Mon, 2016-09-19 at 09:11 +, Gurunath, Vasundhara (STSD) wrote: > James Bottomleywrote: > > > > From: "Gurunath, Vasundhara" > > > > > > SCSI block device can be removed, using write to sysfs delete > > > file as > > > below: > > > echo 1 > /sys/block/sdX/device/delete If the device is in use by > > > applications, or part of system configuration such as boot > > > device, > > > removal can result in application disruptions or system down > > > time. > > > > > > An additional write option ? is added to SCSI sysfs interface as > > > below, in order to prevent accidental deletion of devices in use. > > > echo ? > /sys/block/sdX/device/delete > > > > > > In the absence of any usage, this option proceeds with device > > > deletion. If the device is open, deletion is prevented, and > > > active > > > Open and IO counts at the time of deletion is logged. Information > > > logged during latest delete attempt can be obtained by issuing a > > > read > > > to the delete file as below: > > > cat /sys/block/sdX/device/delete > > > OK, so I'm not too keen on this because our entire system is > > (finally) designed to be hot plug, so echoing 1 to delete simulates > > a hotplug event, and they >can come in at any time. > > > Can you elaborate on why this is necessary? Right at the moment, > > only > > root is allowed to write to this file and cause a deletion ... plus > > the file is pretty >hard to find, buried as it is in sysfs; So I > > would have thought it was pretty safe from accidental misuse; why > > does it need additional protection? > > Some of the requests we got for such checks were from use cases on > large system configurations with several LUNs. People ask for a lot of strange stuff, but unpeel this one further and tell us why they're asking ... what's the use case they're running into that makes them need something like this? > The new changes do not disturb existing interfaces. Writes to the > "delete" sysfs file such as a "1", as advertised in some > distributions like RedHat today, will continue to delete the LUN. > However we thought an option to check usages during delete can > complement existing interfaces. > > The new changes get activated only when one wants to receive alerts > on any lingering usages, and writes a "?" to delete the LUN. > A delete script can write "?" to sysfs delete files in bulk, while > most LUNs get removed in the first attempt, the usages can be > investigated if any LUNs remain with active usage counts. > > Hopefully overhead of these changes is minimal, it is few additional > checks on usage counts and the log. > New changes get active only in delete context and doesn't get into > I/O paths. But that's effectively "because we can". We can do a lot of stuff that adds what you call minimal overhead (although the cumulative addition would be significant), so the rule is we do stuff which is necessary or useful, which is why the question about use cases. James -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] scsi:Prevent deletion of SCSI block device in use
James Bottomleywrote: >> From: "Gurunath, Vasundhara" >> >> SCSI block device can be removed, using write to sysfs delete file as >> below: >> echo 1 > /sys/block/sdX/device/delete If the device is in use by >> applications, or part of system configuration such as boot device, >> removal can result in application disruptions or system down time. > > >> An additional write option ? is added to SCSI sysfs interface as >> below, in order to prevent accidental deletion of devices in use. >> echo ? > /sys/block/sdX/device/delete >> >> In the absence of any usage, this option proceeds with device >> deletion. If the device is open, deletion is prevented, and active >> Open and IO counts at the time of deletion is logged. Information >> logged during latest delete attempt can be obtained by issuing a read >> to the delete file as below: >> cat /sys/block/sdX/device/delete >OK, so I'm not too keen on this because our entire system is (finally) >designed to be hot plug, so echoing 1 to delete simulates a hotplug event, and >they >can come in at any time. >Can you elaborate on why this is necessary? Right at the moment, only >root is allowed to write to this file and cause a deletion ... plus the file >is pretty >hard to find, buried as it is in sysfs; So I would have thought it >was pretty safe from accidental misuse; why does it need additional protection? Some of the requests we got for such checks were from use cases on large system configurations with several LUNs. The new changes do not disturb existing interfaces. Writes to the "delete" sysfs file such as a "1", as advertised in some distributions like RedHat today, will continue to delete the LUN. However we thought an option to check usages during delete can complement existing interfaces. The new changes get activated only when one wants to receive alerts on any lingering usages, and writes a "?" to delete the LUN. A delete script can write "?" to sysfs delete files in bulk, while most LUNs get removed in the first attempt, the usages can be investigated if any LUNs remain with active usage counts. Hopefully overhead of these changes is minimal, it is few additional checks on usage counts and the log. New changes get active only in delete context and doesn't get into I/O paths. -Vasundhara
Re: [PATCH] scsi:Prevent deletion of SCSI block device in use
On Tue, 2016-09-13 at 22:08 +0530, Gurunath, Vasundhara wrote: > From: "Gurunath, Vasundhara"> > SCSI block device can be removed, using write to sysfs > delete file as below: > echo 1 > /sys/block/sdX/device/delete > If the device is in use by applications, or part of > system configuration such as boot device, removal can > result in application disruptions or system down time. > > An additional write option ? is added to SCSI sysfs > interface as below, in order to prevent accidental > deletion of devices in use. > echo ? > /sys/block/sdX/device/delete > > In the absence of any usage, this option proceeds with > device deletion. If the device is open, deletion is > prevented, and active Open and IO counts at the time of > deletion is logged. Information logged during latest > delete attempt can be obtained by issuing a read to the > delete file as below: > cat /sys/block/sdX/device/delete > This looks like debugging code added to find some culprit who deleted a device they weren't supposed to, and make it more difficult for them. I don't think we'd want this in normal usage. -Ewan -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] scsi:Prevent deletion of SCSI block device in use
On Tue, 2016-09-13 at 22:08 +0530, Gurunath, Vasundhara wrote: > From: "Gurunath, Vasundhara"> > SCSI block device can be removed, using write to sysfs > delete file as below: > echo 1 > /sys/block/sdX/device/delete > If the device is in use by applications, or part of > system configuration such as boot device, removal can > result in application disruptions or system down time. > > An additional write option ? is added to SCSI sysfs > interface as below, in order to prevent accidental > deletion of devices in use. > echo ? > /sys/block/sdX/device/delete > > In the absence of any usage, this option proceeds with > device deletion. If the device is open, deletion is > prevented, and active Open and IO counts at the time of > deletion is logged. Information logged during latest > delete attempt can be obtained by issuing a read to the > delete file as below: > cat /sys/block/sdX/device/delete OK, so I'm not too keen on this because our entire system is (finally) designed to be hot plug, so echoing 1 to delete simulates a hotplug event, and they can come in at any time. Can you elaborate on why this is necessary? Right at the moment, only root is allowed to write to this file and cause a deletion ... plus the file is pretty hard to find, buried as it is in sysfs; So I would have thought it was pretty safe from accidental misuse; why does it need additional protection? James -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] scsi:Prevent deletion of SCSI block device in use
From: "Gurunath, Vasundhara"SCSI block device can be removed, using write to sysfs delete file as below: echo 1 > /sys/block/sdX/device/delete If the device is in use by applications, or part of system configuration such as boot device, removal can result in application disruptions or system down time. An additional write option ? is added to SCSI sysfs interface as below, in order to prevent accidental deletion of devices in use. echo ? > /sys/block/sdX/device/delete In the absence of any usage, this option proceeds with device deletion. If the device is open, deletion is prevented, and active Open and IO counts at the time of deletion is logged. Information logged during latest delete attempt can be obtained by issuing a read to the delete file as below: cat /sys/block/sdX/device/delete Signed-off-by: Vasundhara Gurunath --- drivers/scsi/scsi_sysfs.c | 52 +- drivers/scsi/sd.c | 4 include/scsi/scsi_device.h | 2 ++ 3 files changed, 57 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c index 0734927..b0cbfbb 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -12,6 +12,8 @@ #include #include #include +#include +#include #include #include @@ -457,6 +459,8 @@ static void scsi_device_dev_release_usercontext(struct work_struct *work) kfree(sdev->vpd_pg83); kfree(sdev->vpd_pg80); kfree(sdev->inquiry); + if (sdev->delete_msg_buf != NULL) + kfree(sdev->delete_msg_buf); kfree(sdev); if (parent) @@ -709,11 +713,57 @@ static ssize_t sdev_store_delete(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) { + struct scsi_device *sdev = to_scsi_device(dev); + struct timeval tv; + struct tm tms; + + if (buf[0] == '?') { + if (sdev->usage_count) { + /* + * Buffer to hold I/O statistics on delete attempt. + */ + if (sdev->delete_msg_buf == NULL) { + sdev->delete_msg_buf = + kmalloc(128, GFP_KERNEL); + memset(sdev->delete_msg_buf, 0, 128); + } + do_gettimeofday(); + time_to_tm(tv.tv_sec, 0, ); + sprintf(sdev->delete_msg_buf, + "Last delete attempt: %d:%d:%ld %02d:%02d\n" + "Open Count : %d\n" + "IO Active Count : %d\n" + "IO Done Count : %d\n", + tms.tm_mday, tms.tm_mon + 1, + tms.tm_year + 1900, + tms.tm_hour, tms.tm_min, + sdev->usage_count, + sdev->iorequest_cnt.counter, + sdev->iodone_cnt.counter); + + return count; + } + } + + if (device_remove_file_self(dev, attr)) scsi_remove_device(to_scsi_device(dev)); return count; }; -static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete); + +static ssize_t sdev_show_delete(struct device *dev, + struct device_attribute *attr, char *buf) { + + struct scsi_device *sdev = to_scsi_device(dev); + + if (sdev->delete_msg_buf != NULL) + return sprintf(buf, "%s", sdev->delete_msg_buf); + else + return 0; +} + +static DEVICE_ATTR(delete, S_IRUGO | S_IWUSR, + sdev_show_delete, sdev_store_delete); static ssize_t store_state_field(struct device *dev, struct device_attribute *attr, diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index d3e852a..67d3406 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1235,6 +1235,7 @@ static int sd_open(struct block_device *bdev, fmode_t mode) if (scsi_block_when_processing_errors(sdev)) scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT); } + sdev->usage_count = sdkp->openers.counter; return 0; @@ -1267,6 +1268,7 @@ static void sd_release(struct gendisk *disk, fmode_t mode) if (scsi_block_when_processing_errors(sdev)) scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW); } + sdev->usage_count = sdkp->openers.counter; /* * XXX and what if there are packets in flight and this close() @@ -3082,6 +3084,8 @@ static int sd_probe(struct device *dev) atomic_set(>openers, 0); atomic_set(>device->ioerr_cnt, 0); + sdp->usage_count = sdkp->openers.counter; + if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD)
Re: [PATCH] scsi:Prevent deletion of SCSI block device in use
Hi Vasundhara, [auto build test WARNING on scsi/for-next] [also build test WARNING on v4.8-rc3 next-20160822] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] [Suggest to use git(>=2.9.0) format-patch --base= (or --base=auto for convenience) to record what (public, well-known) commit your patch series was built on] [Check https://git-scm.com/docs/git-format-patch for more information] url: https://github.com/0day-ci/linux/commits/Vasundhara-Gurunath/scsi-Prevent-deletion-of-SCSI-block-device-in-use/20160819-184126 base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next config: x86_64-randconfig-s2-08191801 (attached as .config) compiler: gcc-4.4 (Debian 4.4.7-8) 4.4.7 reproduce: # save the attached .config to linux build tree make ARCH=x86_64 All warnings (new ones prefixed by >>): drivers/scsi/scsi_sysfs.c: In function 'sdev_store_delete': >> drivers/scsi/scsi_sysfs.c:744: warning: format '%d' expects type 'int', but >> argument 5 has type 'long int' vim +744 drivers/scsi/scsi_sysfs.c 728 sdev->delete_msg_buf = 729 kmalloc(128, GFP_KERNEL); 730 memset(sdev->delete_msg_buf, 0, 128); 731 } 732 do_gettimeofday(); 733 time_to_tm(tv.tv_sec, 0, ); 734 sprintf(sdev->delete_msg_buf, 735 "Last delete attempt: %d:%d:%d %02d:%02d\n" 736 "Open Count : %d\n" 737 "IO Active Count : %d\n" 738 "IO Done Count : %d\n", 739 tms.tm_mday, tms.tm_mon + 1, 740 tms.tm_year + 1900, 741 tms.tm_hour, tms.tm_min, 742 sdev->usage_count, 743 sdev->iorequest_cnt.counter, > 744 sdev->iodone_cnt.counter); 745 746 return count; 747 } 748 } 749 750 if (device_remove_file_self(dev, attr)) 751 scsi_remove_device(to_scsi_device(dev)); 752 return count; --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation .config.gz Description: Binary data
[PATCH] scsi:Prevent deletion of SCSI block device in use
SCSI block device can be removed, using write to sysfs delete file as below: echo 1 > /sys/block/sdX/device/delete If the device is in use by applications, or part of system configuration such as boot device, removal can result in application disruptions or system down time. An additional write option ? is added to SCSI sysfs interface as below, in order to prevent accidental deletion of devices in use. echo ? > /sys/block/sdX/device/delete In the absence of any usage, this option proceeds with device deletion. If the device is open, deletion is prevented, and active Open and IO counts at the time of deletion is logged. Information logged during latest delete attempt can be obtained by issuing a read to the delete file as below: cat /sys/block/sdX/device/delete Signed-off-by: Vasundhara Gurunath--- drivers/scsi/scsi_sysfs.c | 51 +- drivers/scsi/sd.c | 5 - include/scsi/scsi_device.h | 2 ++ 3 files changed, 56 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c index 0734927..716b22a 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -12,6 +12,9 @@ #include #include #include +#include +#include + #include #include @@ -457,6 +460,9 @@ static void scsi_device_dev_release_usercontext(struct work_struct *work) kfree(sdev->vpd_pg83); kfree(sdev->vpd_pg80); kfree(sdev->inquiry); + if (sdev->delete_msg_buf != NULL) + kfree(sdev->delete_msg_buf); + kfree(sdev); if (parent) @@ -709,11 +715,54 @@ static ssize_t sdev_store_delete(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) { + struct scsi_device *sdev = to_scsi_device(dev); + struct timeval tv; + struct tm tms; + + if (buf[0] == '?') { + if (sdev->usage_count) { + /* +* Buffer to hold I/O statistics on delete attempt. +*/ + if (sdev->delete_msg_buf == NULL) { + sdev->delete_msg_buf = + kmalloc(128, GFP_KERNEL); + memset(sdev->delete_msg_buf, 0, 128); + } + do_gettimeofday(); + time_to_tm(tv.tv_sec, 0, ); + sprintf(sdev->delete_msg_buf, + "Last delete attempt: %d:%d:%d %02d:%02d\n" + "Open Count : %d\n" + "IO Active Count : %d\n" + "IO Done Count : %d\n", + tms.tm_mday, tms.tm_mon + 1, + tms.tm_year + 1900, + tms.tm_hour, tms.tm_min, + sdev->usage_count, + sdev->iorequest_cnt.counter, + sdev->iodone_cnt.counter); + + return count; + } + } + if (device_remove_file_self(dev, attr)) scsi_remove_device(to_scsi_device(dev)); return count; }; -static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete); + +static ssize_t sdev_show_delete(struct device *dev, + struct device_attribute *attr, char *buf) { + + struct scsi_device *sdev = to_scsi_device(dev); + if (sdev->delete_msg_buf != NULL) + return sprintf(buf, "%s", sdev->delete_msg_buf); + else + return 0; +} +static DEVICE_ATTR(delete, S_IRUGO | S_IWUSR, sdev_show_delete, +sdev_store_delete); static ssize_t store_state_field(struct device *dev, struct device_attribute *attr, diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index d3e852a..d5cf25c 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1235,6 +1235,7 @@ static int sd_open(struct block_device *bdev, fmode_t mode) if (scsi_block_when_processing_errors(sdev)) scsi_set_medium_removal(sdev, SCSI_REMOVAL_PREVENT); } + sdev->usage_count = sdkp->openers.counter; return 0; @@ -1267,7 +1268,7 @@ static void sd_release(struct gendisk *disk, fmode_t mode) if (scsi_block_when_processing_errors(sdev)) scsi_set_medium_removal(sdev, SCSI_REMOVAL_ALLOW); } - + sdev->usage_count = sdkp->openers.counter; /* * XXX and what if there are packets in flight and this close() * XXX is followed by a "rmmod sd_mod"? @@ -3082,6 +3083,8 @@ static int sd_probe(struct device *dev) atomic_set(>openers, 0); atomic_set(>device->ioerr_cnt, 0); + sdp->usage_count = sdkp->openers.counter; + if (!sdp->request_queue->rq_timeout) {