| Message ID | 1506005362-13429-1-git-send-email-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
This looks ok to me, but do we even need to keep the special
cases above? Is there anything relying on the safe but not very
useful ioctls?
Condensing the thing down to:
int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
{
if (bd && bd == bd->bd_contains)
return 0;
if (capable(CAP_SYS_RAWIO))
return 0;
return -ENOIOCTLCMD;
}
would certainly be nice.
On 21/09/2017 16:53, Christoph Hellwig wrote: > This looks ok to me, but do we even need to keep the special > cases above? Is there anything relying on the safe but not very > useful ioctls? No idea, I stuck to the usual "don't break userspace" rule. Honestly I doubt anything is using most of those ioctls _in general_, not just on a partition. Paolo > Condensing the thing down to: > > int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) > { > if (bd && bd == bd->bd_contains) > return 0; > if (capable(CAP_SYS_RAWIO)) > return 0; > return -ENOIOCTLCMD; > } > > would certainly be nice.
On 21/09/2017 16:49, Paolo Bonzini wrote: > After the first few months, the message has not led to many bug reports. > It's been almost five years now, and in practice the main source of > it seems to be MTIOCGET that someone is using to detect tape devices. > While we could whitelist it just like CDROM_GET_CAPABILITY, this patch > just removes the message altogether. > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Ping (with fixed email address for Jens)... Paolo
On Tue, Oct 03, 2017 at 06:22:23PM +0200, Paolo Bonzini wrote: > On 21/09/2017 16:49, Paolo Bonzini wrote: > > After the first few months, the message has not led to many bug reports. > > It's been almost five years now, and in practice the main source of > > it seems to be MTIOCGET that someone is using to detect tape devices. > > While we could whitelist it just like CDROM_GET_CAPABILITY, this patch > > just removes the message altogether. > > > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > > Ping (with fixed email address for Jens)... How about implementing the revised version I suggested?
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index 7440de44dd85..eafcd67e2480 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -707,24 +707,10 @@ int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd) case SG_SET_RESERVED_SIZE: case SG_EMULATED_HOST: return 0; - case CDROM_GET_CAPABILITY: - /* Keep this until we remove the printk below. udev sends it - * and we do not want to spam dmesg about it. CD-ROMs do - * not have partitions, so we get here only for disks. - */ - return -ENOIOCTLCMD; default: - break; + /* In particular, rule out all resets and host-specific ioctls. */ + return capable(CAP_SYS_RAWIO) ? 0 : -ENOIOCTLCMD; } - - if (capable(CAP_SYS_RAWIO)) - return 0; - - /* In particular, rule out all resets and host-specific ioctls. */ - printk_ratelimited(KERN_WARNING - "%s: sending ioctl %x to a partition!\n", current->comm, cmd); - - return -ENOIOCTLCMD; } EXPORT_SYMBOL(scsi_verify_blk_ioctl);
After the first few months, the message has not led to many bug reports. It's been almost five years now, and in practice the main source of it seems to be MTIOCGET that someone is using to detect tape devices. While we could whitelist it just like CDROM_GET_CAPABILITY, this patch just removes the message altogether. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- block/scsi_ioctl.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-)