1. 15 6月, 2012 1 次提交
    • J
      scsi: Silence unnecessary warnings about ioctl to partition · 6d935928
      Jan Kara 提交于
      Sometimes, warnings about ioctls to partition happen often enough that they
      form majority of the warnings in the kernel log and users complain. In some
      cases warnings are about ioctls such as SG_IO so it's not good to get rid of
      the warnings completely as they can ease debugging of userspace problems
      when ioctl is refused.
      
      Since I have seen warnings from lots of commands, including some proprietary
      userspace applications, I don't think disallowing the ioctls for processes
      with CAP_SYS_RAWIO will happen in the near future if ever. So lets just
      stop warning for processes with CAP_SYS_RAWIO for which ioctl is allowed.
      
      CC: Paolo Bonzini <pbonzini@redhat.com>
      CC: James Bottomley <JBottomley@parallels.com>
      CC: linux-scsi@vger.kernel.org
      Acked-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NJan Kara <jack@suse.cz>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      6d935928
  2. 15 1月, 2012 2 次提交
    • P
      block: fail SCSI passthrough ioctls on partition devices · 0bfc96cb
      Paolo Bonzini 提交于
      Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
      will pass the command to the underlying block device.  This is
      well-known, but it is also a large security problem when (via Unix
      permissions, ACLs, SELinux or a combination thereof) a program or user
      needs to be granted access only to part of the disk.
      
      This patch lets partitions forward a small set of harmless ioctls;
      others are logged with printk so that we can see which ioctls are
      actually sent.  In my tests only CDROM_GET_CAPABILITY actually occurred.
      Of course it was being sent to a (partition on a) hard disk, so it would
      have failed with ENOTTY and the patch isn't changing anything in
      practice.  Still, I'm treating it specially to avoid spamming the logs.
      
      In principle, this restriction should include programs running with
      CAP_SYS_RAWIO.  If for example I let a program access /dev/sda2 and
      /dev/sdb, it still should not be able to read/write outside the
      boundaries of /dev/sda2 independent of the capabilities.  However, for
      now programs with CAP_SYS_RAWIO will still be allowed to send the
      ioctls.  Their actions will still be logged.
      
      This patch does not affect the non-libata IDE driver.  That driver
      however already tests for bd != bd->bd_contains before issuing some
      ioctl; it could be restricted further to forbid these ioctls even for
      programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
      
      Cc: linux-scsi@vger.kernel.org
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: James Bottomley <JBottomley@parallels.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      [ Make it also print the command name when warning - Linus ]
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0bfc96cb
    • P
      block: add and use scsi_blk_cmd_ioctl · 577ebb37
      Paolo Bonzini 提交于
      Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
      
      The function will then be enhanced to detect partition block devices
      and, in that case, subject the ioctls to whitelisting.
      
      Cc: linux-scsi@vger.kernel.org
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: James Bottomley <JBottomley@parallels.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      577ebb37
  3. 19 10月, 2011 1 次提交
    • T
      block: drop unnecessary blk_get/put_queue() in scsi_cmd_ioctl() and blk_get_tg() · 315fceee
      Tejun Heo 提交于
      blk_get/put_queue() in scsi_cmd_ioctl() and throtl_get_tg() are
      completely bogus.  The caller must have a reference to the queue on
      entry and taking an extra reference doesn't change anything.
      
      For scsi_cmd_ioctl(), the only effect is that it ends up checking
      QUEUE_FLAG_DEAD on entry; however, this is bogus as queue can die
      right after blk_get_queue().  Dead queue should be and is handled in
      request issue path (it's somewhat broken now but that's a separate
      problem and doesn't affect this one much).
      
      throtl_get_tg() incorrectly assumes that q is rcu freed.  Also, it
      doesn't check return value of blk_get_queue().  If the queue is
      already dead, it ends up doing an extra put.
      
      Drop them.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Signed-off-by: NJens Axboe <axboe@kernel.dk>
      315fceee
  4. 10 11月, 2010 1 次提交
  5. 04 11月, 2009 1 次提交
  6. 11 7月, 2009 1 次提交
  7. 01 7月, 2009 1 次提交
    • J
      block: get rid of queue-private command filter · 018e0446
      Jens Axboe 提交于
      The initial patches to support this through sysfs export were broken
      and have been if 0'ed out in any release. So lets just kill the code
      and reclaim some space in struct request_queue, if anyone would later
      like to fixup the sysfs bits, the git history can easily restore
      the removed bits.
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      018e0446
  8. 23 5月, 2009 1 次提交
  9. 11 5月, 2009 1 次提交
    • T
      block: add rq->resid_len · c3a4d78c
      Tejun Heo 提交于
      rq->data_len served two purposes - the length of data buffer on issue
      and the residual count on completion.  This duality creates some
      headaches.
      
      First of all, block layer and low level drivers can't really determine
      what rq->data_len contains while a request is executing.  It could be
      the total request length or it coulde be anything else one of the
      lower layers is using to keep track of residual count.  This
      complicates things because blk_rq_bytes() and thus
      [__]blk_end_request_all() relies on rq->data_len for PC commands.
      Drivers which want to report residual count should first cache the
      total request length, update rq->data_len and then complete the
      request with the cached data length.
      
      Secondly, it makes requests default to reporting full residual count,
      ie. reporting that no data transfer occurred.  The residual count is
      an exception not the norm; however, the driver should clear
      rq->data_len to zero to signify the normal cases while leaving it
      alone means no data transfer occurred at all.  This reverse default
      behavior complicates code unnecessarily and renders block PC on some
      drivers (ide-tape/floppy) unuseable.
      
      This patch adds rq->resid_len which is used only for residual count.
      
      While at it, remove now unnecessasry blk_rq_bytes() caching in
      ide_pc_intr() as rq->data_len is not changed anymore.
      
      Boaz	: spotted missing conversion in osd
      Sergei	: spotted too early conversion to blk_rq_bytes() in ide-tape
      
      [ Impact: cleanup residual count handling, report 0 resid by default ]
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
      Cc: Borislav Petkov <petkovbb@googlemail.com>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Cc: Mike Miller <mike.miller@hp.com>
      Cc: Eric Moore <Eric.Moore@lsi.com>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Cc: Doug Gilbert <dgilbert@interlog.com>
      Cc: Mike Miller <mike.miller@hp.com>
      Cc: Eric Moore <Eric.Moore@lsi.com>
      Cc: Darrick J. Wong <djwong@us.ibm.com>
      Cc: Pete Zaitcev <zaitcev@redhat.com>
      Cc: Boaz Harrosh <bharrosh@panasas.com>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      c3a4d78c
  10. 28 4月, 2009 2 次提交
  11. 22 4月, 2009 1 次提交
    • T
      block: fix SG_IO vector request data length handling · 25636e28
      Tejun Heo 提交于
      Impact: fix SG_IO behavior such that it matches the documentation
      
      SG_IO howto says that if ->dxfer_len and sum of iovec disagress, the
      shorter one wins.  However, the current implementation returns -EINVAL
      for such cases.  Trim iovc if it's longer than ->dxfer_len.
      
      This patch uses iov_*() helpers which take struct iovec * by casting
      struct sg_iovec * to it.  sg_iovec is always identical to iovec and
      this will be further cleaned up with later patches.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      25636e28
  12. 15 4月, 2009 1 次提交
  13. 26 3月, 2009 1 次提交
  14. 29 12月, 2008 1 次提交
  15. 06 12月, 2008 1 次提交
  16. 21 10月, 2008 4 次提交
  17. 09 10月, 2008 3 次提交
    • F
      block: introduce struct rq_map_data to use reserved pages · 152e283f
      FUJITA Tomonori 提交于
      This patch introduces struct rq_map_data to enable bio_copy_use_iov()
      use reserved pages.
      
      Currently, bio_copy_user_iov allocates bounce pages but
      drivers/scsi/sg.c wants to allocate pages by itself and use
      them. struct rq_map_data can be used to pass allocated pages to
      bio_copy_user_iov.
      
      The current users of bio_copy_user_iov simply passes NULL (they don't
      want to use pre-allocated pages).
      Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Cc: Jens Axboe <jens.axboe@oracle.com>
      Cc: Douglas Gilbert <dougg@torque.net>
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      152e283f
    • F
      block: add gfp_mask argument to blk_rq_map_user and blk_rq_map_user_iov · a3bce90e
      FUJITA Tomonori 提交于
      Currently, blk_rq_map_user and blk_rq_map_user_iov always do
      GFP_KERNEL allocation.
      
      This adds gfp_mask argument to blk_rq_map_user and blk_rq_map_user_iov
      so sg can use it (sg always does GFP_ATOMIC allocation).
      Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: NDouglas Gilbert <dougg@torque.net>
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      a3bce90e
    • X
      SG_IO block filter whitelist missing MMC SET READ AHEAD command · 35e396cd
      xiphmont@xiph.org 提交于
      I have another request for the block filter SG_IO command whitelist,
      specifically the MMC streaming command set SET READ AHEAD command.
      The command applies only to MMC CDROM/DVDROM drives with the streaming
      optional feature set.  The command is useful to cdparanoia in that it
      allows explicit cache control side effects that are, on many drives,
      cdparanoia's most efficient way to flush/disable the media cache on
      cdrom drives. I am aware of no reason why it should not be accessible
      from usespace.
      
      Also note that the command is already fully accessible through the
      SCSI-native version of the SG_IO ioctl as well as the traditional SG
      interface.  The command is only being refused on block devices.  That
      means that on a typical stock distro, the command is available through
      /dev/sg* but not /dev/scd* although both are typically available and
      accessible.  Filtering the command is not providing any protection,
      only a confusing inconsistency.
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      35e396cd
  18. 27 8月, 2008 2 次提交
    • F
      block: rename blk_scsi_cmd_filter to blk_cmd_filter · 4beab5c6
      FUJITA Tomonori 提交于
      Technically, the cmd_filter would be applied to other protocols though
      it's unlikely to happen. Putting SCSI stuff to request_queue is kinda
      layer violation. So let's rename it.
      Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      4beab5c6
    • F
      block: move cmdfilter from gendisk to request_queue · abf54393
      FUJITA Tomonori 提交于
      cmd_filter works only for the block layer SG_IO with SCSI block
      devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI
      character devices (such as st). We hit a kernel crash with them.
      
      The problem is that cmd_filter code accesses to gendisk (having struct
      blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only
      SCSI block device files. With character device files, inode->i_bdev
      leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter
      isn't safe.
      
      SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be
      independent on any protocols. We shouldn't change ULDs to expose their
      gendisk.
      
      This patch moves struct blk_scsi_cmd_filter from gendisk to
      request_queue, a common object, which eveyone can access to.
      
      The user interface doesn't change; users can change the filters via
      /sys/block/. gendisk has a pointer to request_queue so the cmd_filter
      code accesses to struct blk_scsi_cmd_filter.
      Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      abf54393
  19. 30 7月, 2008 1 次提交
    • T
      [SCSI] block: Fix miscalculation of sg_io timeout in CDROM_SEND_PACKET handler. · ad337591
      Tim Wright 提交于
      It seems cdrwtool in the udftools has been unusable on "modern" kernels
      for some time. A Google search reveals many people with the same issue
      but no solution (cdrwtool fails to format the disk). After spending some
      time tracking down the issue, it comes down to the following:
      
      The udftools still use the older CDROM_SEND_PACKET interface to send
      things like FORMAT_UNIT through to the drive. They should really be
      updated, but that's another story. Since most distros are using libata
      now, the cd or dvd burner appears as a SCSI device, and we wind up in
      block/scsi_ioctl.c. Here, the code tries to take the "struct
      cdrom_generic_command" and translate it and stuff it into a "struct
      sg_io_hdr" structure so it can pass it to the modern sg_io() routine
      instead. Unfortunately, there is one error, or rather an omission in the
      translation. The timeout that is passed in in the "struct
      cdrom_generic_command" is in HZ=100 units, and this is modified and
      correctly converted to jiffies by use of clock_t_to_jiffies(). However,
      a little further down, this cgc.timeout value in jiffies is simply
      copied into the sg_io_hdr timeout, which should be in milliseconds.
      Since most modern x86 kernels seems to be getting build with HZ=250, the
      timeout that is passed to sg_io and eventually converted to the
      timeout_per_command member of the scsi_cmnd structure is now four times
      too small. Since cdrwtool tries to set the timeout to one hour for the
      FORMAT_UNIT command, and it takes about 20 minutes to format a 4x CDRW,
      the SCSI error-handler kicks in after the FORMAT_UNIT completes because
      it took longer than the incorrectly-calculated timeout.
      
      [jejb: fix up whitespace]
      Signed-off-by: NTim Wright <timw@splhi.com>
      Cc: Stable Tree <stable@kernel.org>
      Signed-off-by: NJames Bottomley <James.Bottomley@HansenPartnership.com>
      ad337591
  20. 03 7月, 2008 1 次提交
  21. 03 5月, 2008 1 次提交
  22. 29 4月, 2008 1 次提交
  23. 04 3月, 2008 1 次提交
    • F
      block: restore the meaning of rq->data_len to the true data length · 7a85f889
      FUJITA Tomonori 提交于
      The meaning of rq->data_len was changed to the length of an allocated
      buffer from the true data length. It breaks SG_IO friends and
      bsg. This patch restores the meaning of rq->data_len to the true data
      length and adds rq->extra_len to store an extended length (due to
      drain buffer and padding).
      
      This patch also removes the code to update bio in blk_rq_map_user
      introduced by the commit 40b01b9b.
      The commit adjusts bio according to memory alignment
      (queue_dma_alignment). However, memory alignment is NOT padding
      alignment. This adjustment also breaks SG_IO friends and bsg. Padding
      alignment needs to be fixed in a proper way (by a separate patch).
      Signed-off-by: NFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: NJens Axboe <axboe@carl.home.kernel.dk>
      7a85f889
  24. 19 2月, 2008 1 次提交
    • T
      block: add request->raw_data_len · 6b00769f
      Tejun Heo 提交于
      With padding and draining moved into it, block layer now may extend
      requests as directed by queue parameters, so now a request has two
      sizes - the original request size and the extended size which matches
      the size of area pointed to by bios and later by sgs.  The latter size
      is what lower layers are primarily interested in when allocating,
      filling up DMA tables and setting up the controller.
      
      Both padding and draining extend the data area to accomodate
      controller characteristics.  As any controller which speaks SCSI can
      handle underflows, feeding larger data area is safe.
      
      So, this patch makes the primary data length field, request->data_len,
      indicate the size of full data area and add a separate length field,
      request->raw_data_len, for the unmodified request size.  The latter is
      used to report to higher layer (userland) and where the original
      request size should be fed to the controller or device.
      Signed-off-by: NTejun Heo <htejun@gmail.com>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Signed-off-by: NJens Axboe <jens.axboe@oracle.com>
      6b00769f
  25. 18 12月, 2007 1 次提交
  26. 24 7月, 2007 1 次提交
  27. 22 7月, 2007 1 次提交
  28. 20 7月, 2007 1 次提交
  29. 16 7月, 2007 4 次提交