On Wed, 2019-04-03 at 09:06 -0700, Bart Van Assche wrote: +AD4 scsi+AF8-send+AF8-eh+AF8-cmnd() is only used to request sense data, to submit a TUR or +AD4 to submit a START UNIT. None of these commands modify the data stored on +AD4 the SCSI device so there is no risk of data loss. +AD4 +AD4 The ability to modify the SCSI device state was introduced by commit +AD4 638127e579a4 (+ACIAWw-PATCH+AF0 Fix error handler offline behaviour+ACIAOw v2.6.12). That +AD4 same commit introduced the following device states: +AD4 +AD4 +AHs SDEV+AF8-CREATED, +ACI-created+ACI +AH0, +AD4 +AHs SDEV+AF8-RUNNING, +ACI-running+ACI +AH0, +AD4 +AHs SDEV+AF8-CANCEL, +ACI-cancel+ACI +AH0, +AD4 +AHs SDEV+AF8-DEL, +ACI-deleted+ACI +AH0, +AD4 +AHs SDEV+AF8-QUIESCE, +ACI-quiesce+ACI +AH0, +AD4 +AHs SDEV+AF8-OFFLINE, +ACI-offline+ACI +AH0, +AD4 +AD4 The SDEV+AF8-BLOCK state was introduced later to avoid that an FC cable pull +AD4 would immediately result in an I/O error (commit 1094e682310e+ADs +ACIAWw-PATCH+AF0 +AD4 suspending I/Os to a device+ACIAOw v2.6.12). I'm not sure whether the ability to +AD4 set the SDEV+AF8-BLOCK state from user space was introduced on purpose or +AD4 accidentally. +AD4 +AD4 I think there are three alternatives: +AD4 (1) Accept that some error handling steps are skipped if a user sets the +AD4 device state to +ACI-blocked+ACI. +AD4 (2) Prevent users to change the device state to +ACI-blocked+ACI. +AD4 (3) Split SDEV+AF8-BLOCK into SDEV+AF8-BLOCKED+AF8-BY+AF8-USER and SDEV+AF8-BLOCKED+AF8-BY+AF8-TRANSPORT +AD4 and only skip sending EH commands to the device in state +AD4 SDEV+AF8-BLOCKED+AF8-BY+AF8-TRANSPORT. (repyling to my own e-mail) Does anyone want to share an opinion about the above? Thanks, Bart.
