[Qemu-devel] [PATCH v2] scsi-block: Add qdev error properties

Fam Zheng posted 1 patch 6 years, 7 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20170817141148.13111-1-famz@redhat.com
Test FreeBSD passed
Test checkpatch passed
Test docker passed
Test s390x passed
hw/scsi/scsi-disk.c | 81 ++++++++++++++++++++++++++++++++++++++---------------
1 file changed, 59 insertions(+), 22 deletions(-)
[Qemu-devel] [PATCH v2] scsi-block: Add qdev error properties
Posted by Fam Zheng 6 years, 7 months ago
This makes the werror/rerror options available on the scsi-block device,
to allow user specify error handling policy in the same way as scsi-hd
etc.

Signed-off-by: Fam Zheng <famz@redhat.com>

---

Take care of status, error, sense and QMP as well. [Paolo]
---
 hw/scsi/scsi-disk.c | 81 ++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 59 insertions(+), 22 deletions(-)

diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 5f1e5e8070..124d77c159 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -106,7 +106,8 @@ typedef struct SCSIDiskState
     bool tray_locked;
 } SCSIDiskState;
 
-static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
+static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int status,
+                                bool update_sense, bool acct_failed);
 
 static void scsi_free_request(SCSIRequest *req)
 {
@@ -179,21 +180,23 @@ static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
 
 static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
 {
+    int status = r->status ? *r->status : 0;
+
     if (r->req.io_canceled) {
         scsi_req_cancel_complete(&r->req);
         return true;
     }
 
-    if (ret < 0) {
-        return scsi_handle_rw_error(r, -ret, acct_failed);
+    if (ret < 0 || status) {
+        return scsi_handle_rw_error(r, -ret, status, !r->status, acct_failed);
     }
 
-    if (r->status && *r->status) {
+    if (status) {
         if (acct_failed) {
             SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
             block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
         }
-        scsi_req_complete(&r->req, *r->status);
+        scsi_req_complete(&r->req, status);
         return true;
     }
 
@@ -421,6 +424,22 @@ static void scsi_read_data(SCSIRequest *req)
     }
 }
 
+static bool scsi_sense_matches(SCSIDiskReq *r, SCSISense sense)
+{
+    SCSIRequest *req = &r->req;
+    if (req->sense[0] == 0x70) {
+        return (req->sense[2] & 0xF) == sense.key &&
+               req->sense[12] == sense.asc &&
+               req->sense[13] == sense.ascq;
+    } else if (req->sense[0] == 0x72) {
+        return (req->sense[1] & 0xF) == sense.key &&
+               req->sense[2] == sense.asc &&
+               req->sense[3] == sense.ascq;
+    } else {
+        return false;
+    }
+}
+
 /*
  * scsi_handle_rw_error has two return values.  0 means that the error
  * must be ignored, 1 means that the error has been processed and the
@@ -428,7 +447,8 @@ static void scsi_read_data(SCSIRequest *req)
  * scsi_handle_rw_error always manages its reference counts, independent
  * of the return value.
  */
-static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
+static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int status,
+                                bool update_sense, bool acct_failed)
 {
     bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
     SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
@@ -439,22 +459,38 @@ static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
         if (acct_failed) {
             block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
         }
-        switch (error) {
-        case ENOMEDIUM:
-            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
-            break;
-        case ENOMEM:
-            scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
-            break;
-        case EINVAL:
-            scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
-            break;
-        case ENOSPC:
-            scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
-            break;
-        default:
-            scsi_check_condition(r, SENSE_CODE(IO_ERROR));
-            break;
+        if (update_sense) {
+            switch (error) {
+            case ENOMEDIUM:
+                scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
+                break;
+            case ENOMEM:
+                scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
+                break;
+            case EINVAL:
+                scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
+                break;
+            case ENOSPC:
+                scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
+                break;
+            default:
+                scsi_check_condition(r, SENSE_CODE(IO_ERROR));
+                break;
+            }
+        }
+    }
+    if (!error) {
+        assert(status);
+        if (scsi_sense_matches(r, SENSE_CODE(NO_MEDIUM))) {
+            error = ENOMEDIUM;
+        } else if (scsi_sense_matches(r, SENSE_CODE(TARGET_FAILURE))) {
+            error = ENOMEM;
+        } else if (scsi_sense_matches(r, SENSE_CODE(INVALID_FIELD))) {
+            error = EINVAL;
+        } else if (scsi_sense_matches(r, SENSE_CODE(SPACE_ALLOC_FAILED))) {
+            error = ENOSPC;
+        } else {
+            error = EIO;
         }
     }
     blk_error_action(s->qdev.conf.blk, action, is_read, error);
@@ -2972,6 +3008,7 @@ static const TypeInfo scsi_cd_info = {
 
 #ifdef __linux__
 static Property scsi_block_properties[] = {
+    DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),         \
     DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
     DEFINE_PROP_END_OF_LIST(),
 };
-- 
2.13.4


Re: [Qemu-devel] [PATCH v2] scsi-block: Add qdev error properties
Posted by Paolo Bonzini 6 years, 7 months ago
On 17/08/2017 16:11, Fam Zheng wrote:
> This makes the werror/rerror options available on the scsi-block device,
> to allow user specify error handling policy in the same way as scsi-hd
> etc.
> 
> Signed-off-by: Fam Zheng <famz@redhat.com>
> 
> ---
> 
> Take care of status, error, sense and QMP as well. [Paolo]
> ---
>  hw/scsi/scsi-disk.c | 81 ++++++++++++++++++++++++++++++++++++++---------------
>  1 file changed, 59 insertions(+), 22 deletions(-)
> 
> diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
> index 5f1e5e8070..124d77c159 100644
> --- a/hw/scsi/scsi-disk.c
> +++ b/hw/scsi/scsi-disk.c
> @@ -106,7 +106,8 @@ typedef struct SCSIDiskState
>      bool tray_locked;
>  } SCSIDiskState;
>  
> -static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed);
> +static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int status,
> +                                bool update_sense, bool acct_failed);
>  
>  static void scsi_free_request(SCSIRequest *req)
>  {
> @@ -179,21 +180,23 @@ static void scsi_disk_load_request(QEMUFile *f, SCSIRequest *req)
>  
>  static bool scsi_disk_req_check_error(SCSIDiskReq *r, int ret, bool acct_failed)
>  {
> +    int status = r->status ? *r->status : 0;
> +
>      if (r->req.io_canceled) {
>          scsi_req_cancel_complete(&r->req);
>          return true;
>      }
>  
> -    if (ret < 0) {
> -        return scsi_handle_rw_error(r, -ret, acct_failed);
> +    if (ret < 0 || status) {
> +        return scsi_handle_rw_error(r, -ret, status, !r->status, acct_failed);

Do we need to pass both ret and !r->status?  We should update the sense
whenever error != 0, meaning the command hasn't run, so you can just add a

	case 0:
	    /* The command has run, no need to fake sense.  */
	    assert(r->status && *r->status);
	    scsi_req_complete(&r->req, *r->status);

in scsi_handle_rw_error's switch statement.

>      }
>  
> -    if (r->status && *r->status) {
> +    if (status) {
>          if (acct_failed) {
>              SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
>              block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
>          }
> -        scsi_req_complete(&r->req, *r->status);
> +        scsi_req_complete(&r->req, status);
>          return true;

This "if" is now dead code (yay!).

>      }
>  
> @@ -428,7 +447,8 @@ static void scsi_read_data(SCSIRequest *req)
>   * scsi_handle_rw_error always manages its reference counts, independent
>   * of the return value.
>   */
> -static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
> +static int scsi_handle_rw_error(SCSIDiskReq *r, int error, int status,
> +                                bool update_sense, bool acct_failed)
>  {
>      bool is_read = (r->req.cmd.mode == SCSI_XFER_FROM_DEV);
>      SCSIDiskState *s = DO_UPCAST(SCSIDiskState, qdev, r->req.dev);
> @@ -439,22 +459,38 @@ static int scsi_handle_rw_error(SCSIDiskReq *r, int error, bool acct_failed)
>          if (acct_failed) {
>              block_acct_failed(blk_get_stats(s->qdev.conf.blk), &r->acct);
>          }
> -        switch (error) {
> -        case ENOMEDIUM:
> -            scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
> -            break;
> -        case ENOMEM:
> -            scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
> -            break;
> -        case EINVAL:
> -            scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
> -            break;
> -        case ENOSPC:
> -            scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
> -            break;
> -        default:
> -            scsi_check_condition(r, SENSE_CODE(IO_ERROR));
> -            break;
> +        if (update_sense) {
> +            switch (error) {
> +            case ENOMEDIUM:
> +                scsi_check_condition(r, SENSE_CODE(NO_MEDIUM));
> +                break;
> +            case ENOMEM:
> +                scsi_check_condition(r, SENSE_CODE(TARGET_FAILURE));
> +                break;
> +            case EINVAL:
> +                scsi_check_condition(r, SENSE_CODE(INVALID_FIELD));
> +                break;
> +            case ENOSPC:
> +                scsi_check_condition(r, SENSE_CODE(SPACE_ALLOC_FAILED));
> +                break;
> +            default:
> +                scsi_check_condition(r, SENSE_CODE(IO_ERROR));
> +                break;
> +            }
> +        }

Because of the dead code above, you're now not running scsi_req_complete.

> +    }
> +    if (!error) {
> +        assert(status);

Since you are using the request object, you might as well
"assert(r->status && *r->status)" and skip passing the argument.

> +        if (scsi_sense_matches(r, SENSE_CODE(NO_MEDIUM))) {
> +            error = ENOMEDIUM;
> +        } else if (scsi_sense_matches(r, SENSE_CODE(TARGET_FAILURE))) {
> +            error = ENOMEM;
> +        } else if (scsi_sense_matches(r, SENSE_CODE(INVALID_FIELD))) {
> +            error = EINVAL;
> +        } else if (scsi_sense_matches(r, SENSE_CODE(SPACE_ALLOC_FAILED))) {
> +            error = ENOSPC;
> +        } else {
> +            error = EIO;

Nice touch :) and in fact the ENOSPC case is needed for correctness.

Later we could also add a blk_error_action version that takes a char*,
and pass a string that describes the sense data (see Linux
drivers/scsi/sense_codes.h).

Paolo

>          }
>      }
>      blk_error_action(s->qdev.conf.blk, action, is_read, error);
> @@ -2972,6 +3008,7 @@ static const TypeInfo scsi_cd_info = {
>  
>  #ifdef __linux__
>  static Property scsi_block_properties[] = {
> +    DEFINE_BLOCK_ERROR_PROPERTIES(SCSIDiskState, qdev.conf),         \
>      DEFINE_PROP_DRIVE("drive", SCSIDiskState, qdev.conf.blk),
>      DEFINE_PROP_END_OF_LIST(),
>  };
> 


Re: [Qemu-devel] [PATCH v2] scsi-block: Add qdev error properties
Posted by Fam Zheng 6 years, 7 months ago
On Thu, 08/17 16:23, Paolo Bonzini wrote:
> > +        if (scsi_sense_matches(r, SENSE_CODE(NO_MEDIUM))) {
> > +            error = ENOMEDIUM;
> > +        } else if (scsi_sense_matches(r, SENSE_CODE(TARGET_FAILURE))) {
> > +            error = ENOMEM;
> > +        } else if (scsi_sense_matches(r, SENSE_CODE(INVALID_FIELD))) {
> > +            error = EINVAL;
> > +        } else if (scsi_sense_matches(r, SENSE_CODE(SPACE_ALLOC_FAILED))) {
> > +            error = ENOSPC;
> > +        } else {
> > +            error = EIO;
> 
> Nice touch :) and in fact the ENOSPC case is needed for correctness.
> 

Offline you mentioned iscsi_translate_sense(). Makes sense to unify both. We can
create a util/scsi.c to move it there.

About the error/non-error condition, is it enough to add a check "status ==
CHECK_CONDITION"?

Fam

Re: [Qemu-devel] [PATCH v2] scsi-block: Add qdev error properties
Posted by Paolo Bonzini 6 years, 7 months ago
On 18/08/2017 05:38, Fam Zheng wrote:
> On Thu, 08/17 16:23, Paolo Bonzini wrote:
>>> +        if (scsi_sense_matches(r, SENSE_CODE(NO_MEDIUM))) {
>>> +            error = ENOMEDIUM;
>>> +        } else if (scsi_sense_matches(r, SENSE_CODE(TARGET_FAILURE))) {
>>> +            error = ENOMEM;
>>> +        } else if (scsi_sense_matches(r, SENSE_CODE(INVALID_FIELD))) {
>>> +            error = EINVAL;
>>> +        } else if (scsi_sense_matches(r, SENSE_CODE(SPACE_ALLOC_FAILED))) {
>>> +            error = ENOSPC;
>>> +        } else {
>>> +            error = EIO;
>>
>> Nice touch :) and in fact the ENOSPC case is needed for correctness.
>>
> 
> Offline you mentioned iscsi_translate_sense(). Makes sense to unify both. We can
> create a util/scsi.c to move it there.
> 
> About the error/non-error condition, is it enough to add a check "status ==
> CHECK_CONDITION"?

No, CHECK_CONDITION is for almost every error.

Of those in iscsi_translate_sense:

- DATA_PROTECTION should be an error

- COMMAND_ABORTED should be passed down

- of the various ILLEGAL_REQUEST cases, only ENOMEDIUM and ENOACCES
should stop.  LBA out of range should never happen (see
scsi_disk_dma_command).

- NOT_READY should also look at asc/ascq individually, like
ILLEGAL_REQUEST, see below

Of those in your list above, these are missing in iscsi_translate_sense:

- SPACE_ALLOC_FAILED (which should stop the VM)

- NOT_READY should also look at asc/ascq individually, like
ILLEGAL_REQUEST.  NO_MEDIUM is returning -EBUSY instead of -ENOMEDIUM.

Among other sense keys, MEDIUM_ERROR and HARDWARE_ERROR probably should
stop the VM.

Paolo

Re: [Qemu-devel] [PATCH v2] scsi-block: Add qdev error properties
Posted by Fam Zheng 6 years, 7 months ago
On Fri, 08/18 08:41, Paolo Bonzini wrote:
> On 18/08/2017 05:38, Fam Zheng wrote:
> > On Thu, 08/17 16:23, Paolo Bonzini wrote:
> >>> +        if (scsi_sense_matches(r, SENSE_CODE(NO_MEDIUM))) {
> >>> +            error = ENOMEDIUM;
> >>> +        } else if (scsi_sense_matches(r, SENSE_CODE(TARGET_FAILURE))) {
> >>> +            error = ENOMEM;
> >>> +        } else if (scsi_sense_matches(r, SENSE_CODE(INVALID_FIELD))) {
> >>> +            error = EINVAL;
> >>> +        } else if (scsi_sense_matches(r, SENSE_CODE(SPACE_ALLOC_FAILED))) {
> >>> +            error = ENOSPC;
> >>> +        } else {
> >>> +            error = EIO;
> >>
> >> Nice touch :) and in fact the ENOSPC case is needed for correctness.
> >>
> > 
> > Offline you mentioned iscsi_translate_sense(). Makes sense to unify both. We can
> > create a util/scsi.c to move it there.
> > 
> > About the error/non-error condition, is it enough to add a check "status ==
> > CHECK_CONDITION"?
> 
> No, CHECK_CONDITION is for almost every error.
> 
> Of those in iscsi_translate_sense:
> 
> - DATA_PROTECTION should be an error
> 
> - COMMAND_ABORTED should be passed down
> 
> - of the various ILLEGAL_REQUEST cases, only ENOMEDIUM and ENOACCES
> should stop.  LBA out of range should never happen (see
> scsi_disk_dma_command).
> 
> - NOT_READY should also look at asc/ascq individually, like
> ILLEGAL_REQUEST, see below

And the same to DATA PROTECT.

> 
> Of those in your list above, these are missing in iscsi_translate_sense:
> 
> - SPACE_ALLOC_FAILED (which should stop the VM)
> 
> - NOT_READY should also look at asc/ascq individually, like
> ILLEGAL_REQUEST.  NO_MEDIUM is returning -EBUSY instead of -ENOMEDIUM.
> 
> Among other sense keys, MEDIUM_ERROR and HARDWARE_ERROR probably should
> stop the VM.

Thanks, I'll work on a new version.

Fam