Re: [PATCHSET block#for-2.6.36-post] block: replace barrier withsequenced flush

From: Kiyoshi Ueda
Date: Mon Aug 30 2010 - 02:15:22 EST

Next message: Minchan Kim: "Re: [PATCH] vmscan: prevent background aging of anon page in no swap system"
Previous message: divya: "Re: Power machines fail to boot after build being successful"
In reply to: Mike Snitzer: "Re: [PATCHSET block#for-2.6.36-post] block: replace barrier withsequenced flush"
Next in thread: Mike Snitzer: "safety of retrying SYNCHRONIZE CACHE [was: Re: [PATCHSETblock#for-2.6.36-post] block: replace barrier with sequenced flush]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Mike,

On 08/27/2010 10:49 PM +0900, Mike Snitzer wrote:
> Kiyoshi Ueda <k-ueda@xxxxxxxxxxxxx> wrote:
>> On 08/26/2010 12:28 AM +0900, Mike Snitzer wrote:
>>> Kiyoshi Ueda <k-ueda@xxxxxxxxxxxxx> wrote:
>>>> Anyway, as you said, the flush error handling of dm-mpath is already
>>>> broken if data loss really happens on any storage used by dm-mpath.
>>>> Although it's a serious issue and quick fix is required, I think
>>>> you may leave the old behavior in your patch-set, since it's
>>>> a separate issue.
>>>
>>> I'm not seeing where anything is broken with current mpath. If a
>>> multipathed LUN is WCE=1 then it should be fair to assume the cache is
>>> mirrored or shared across ports. Therefore retrying the SYNCHRONIZE
>>> CACHE is needed.
>>>
>>> Do we still have fear that SYNCHRONIZE CACHE can silently drop data?
>>> Seems unlikely especially given what Tejun shared from SBC.
>>
>> Do we have any proof to wipe that fear?
>>
>> If retrying on flush failure is safe on all storages used with multipath
>> (e.g. SCSI, CCISS, DASD, etc), then current dm-mpath should be fine in
>> the real world.
>> But I'm afraid if there is a storage where something like below can happen:
>> - a flush command is returned as error to mpath because a part of
>> cache has physically broken at the time or so, then that part of
>> data loses and the size of the cache is shrunk by the storage.
>> - mpath retries the flush command using other path.
>> - the flush command is returned as success to mpath.
>> - mpath passes the result, success, to upper layer, but some of
>> the data already lost.
>
> That does seem like a valid concern. But I'm not seeing why its unique
> to SYNCHRONIZE CACHE. Any IO that fails on the target side should be
> passed up once the error gets to DM.

See the Tejun's explanation again:
http://marc.info/?l=linux-kernel&m=128267361813859&w=2
What I'm concerning is whether the same thing as Tejun explained
for ATA can happen on other types of devices.

Normal write command has data and no data loss happens on error.
So it can be retried cleanly, and if the result of the retry is
success, it's really success, no implicit data loss.

Normal read command has a sector to read. If the sector is broken,
all retries will fail and the error will be reported upwards.
So it can be retried cleanly as well.

Thanks,
Kiyoshi Ueda
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Minchan Kim: "Re: [PATCH] vmscan: prevent background aging of anon page in no swap system"
Previous message: divya: "Re: Power machines fail to boot after build being successful"
In reply to: Mike Snitzer: "Re: [PATCHSET block#for-2.6.36-post] block: replace barrier withsequenced flush"
Next in thread: Mike Snitzer: "safety of retrying SYNCHRONIZE CACHE [was: Re: [PATCHSETblock#for-2.6.36-post] block: replace barrier with sequenced flush]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]