SSA disk fencing is a facility which is provided in the SSA subsystem to allow multiple hosts to control access to a common set of disks.
Using the fencing commands provided by the hardware, it is possible to exclude individual hosts from accessing a particular disk. The access lists for different disks are independent of one another.
Fencing is essentially a function provided by the hardware and manipulated using the hardware commands, but the device driver does have some involvement.
The SSA disk device driver supports fencing by allowing the FN_ISAL_FENCE command, which is defined in the Technical Reference for the adapter, to be issued to SSA logical disks using the SSADISK_ISALCMD ioctl operation.
In order to use fencing, the node_number attribute of the ssar router must be set to a different value on each host which is participating in fencing. Note that after setting node_number the host must be rebooted for the new value to take effect.
By default, the value of node_number is 0. This value has particular significance because it is not possible to exclude a host with node number 0 from access to the disk. Thus if a disk is moved from a machine which has been using fencing to a machine which is not involved in fencing, the new machine will be able to communicate with the disk.
If a host attempts to open a disk from which it has been denied access using the open subroutine, the return code will be -1 and the global variable errno will be set to the value ENOCONNECT. Likewise, if an application already has an SSA logical disk open but the host has been fenced out since the open, calls to the read or write subroutine will fail with errno set to ENOCONNECT.
The hardware fencing commands provide a facility to forcibly break through a fence. This command can be issued using the SSADISK_ISALCMD ioctl operation, but it is necessary first to open the disk. A disk from which the host has been excluded can be opened by using the openx subroutine and specifying the SSADISK_FENCEMODE extension flag as described in SSA disk device driver device-dependent subroutines. While the disk is open in this mode, no read or write operations will be permitted.
If a host has been excluded from access to a disk using fencing, but that disk is also reserved to another host, the reservation takes precedence. The return code from the open subroutine will be -1 and the global variable errno will be set to EBUSY. If the host attempts to break through the reservation by passing the ext parameter SSADISK_FORCED_OPEN to the openx subroutine, the reservation will be broken but the open will fail with errno set to ENOCONNECT. In order to break through the fence, the SSA logical disk must be opened in SSADISK_FENCEMODE and the SSADISK_ISALCMD ioctl operation used to issue the appropriate hardware command to break the fence condition.
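The open and errno rules above can be checked against failover logic with a small model. This is an added example, not code from the SSA device driver or its headers: the disk_model structure, the model_* and recover_access functions, the EXT_* values and the ENOCONNECT fallback value are all hypothetical stand-ins, and the behaviour of a fence-mode open against a disk reserved to another host is an assumption.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed stand-ins; the real values come from the AIX headers. */
#ifndef ENOCONNECT
#define ENOCONNECT 1000
#endif
enum open_ext { EXT_NONE, EXT_FORCED_OPEN, EXT_FENCEMODE };
#define NO_RESERVATION (-1)

struct disk_model {
    unsigned fenced_out; /* bit n set: node_number n is excluded (n < 32) */
    int reserved_by;     /* node_number holding the reservation, or NO_RESERVATION */
};

/* A host with node_number 0 cannot be excluded. */
static bool is_fenced(const struct disk_model *d, int node)
{
    return node != 0 && ((d->fenced_out >> node) & 1u);
}

/* Models open/openx: returns 0, or -1 with errno set as the page describes. */
int model_open(struct disk_model *d, int node, enum open_ext ext)
{
    bool reserved_elsewhere =
        d->reserved_by != NO_RESERVATION && d->reserved_by != node;
    if (reserved_elsewhere) {
        /* Assumption: a fence-mode open also reports EBUSY while reserved. */
        if (ext != EXT_FORCED_OPEN) { errno = EBUSY; return -1; }
        d->reserved_by = NO_RESERVATION; /* forced open breaks the reservation */
    }
    if (ext == EXT_FENCEMODE) return 0;  /* opens even when fenced; no read/write */
    if (is_fenced(d, node)) { errno = ENOCONNECT; return -1; }
    return 0;
}

/* Stands in for the fence-breaking hardware command sent via SSADISK_ISALCMD. */
void model_break_fence(struct disk_model *d, int node)
{
    d->fenced_out &= ~(1u << node);
}

/* The documented order: reservation first, then fence, then a normal open. */
int recover_access(struct disk_model *d, int node)
{
    if (model_open(d, node, EXT_NONE) == 0) return 0;
    if (errno == EBUSY && model_open(d, node, EXT_FORCED_OPEN) == 0) return 0;
    if (errno != ENOCONNECT) return -1;
    if (model_open(d, node, EXT_FENCEMODE) != 0) return -1;
    model_break_fence(d, node);
    return model_open(d, node, EXT_NONE);
}
```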