[PATCH] Allow ATA_ passthrough command through sg.

linux-ide.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] Allow ATA_ passthrough command through sg.
@ 2009-06-29 21:24 Gwendal Grignou
  2009-06-29 22:20 ` Alan Cox
  2009-06-30  0:21 ` Douglas Gilbert
  0 siblings, 2 replies; 5+ messages in thread
From: Gwendal Grignou @ 2009-06-29 21:24 UTC (permalink / raw)
  To: jens.axboe; +Cc: linux-scsi, linux-ide, Gwendal Grignou

We can already send ATA specific commands using /dev/sd device files.
This patch allow to use /dev/sg device files as well.

Signed-off-by: Gwendal Grignou <gwendal@google.com>
---
 block/scsi_ioctl.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 82a0ca2..93fa53e 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -186,6 +186,12 @@ void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
 	__set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
 	__set_bit(GPCMD_SET_STREAMING, filter->write_ok);
 	__set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
+
+	/* ATA Passthrough */
+	__set_bit(ATA_12, filter->read_ok);
+	__set_bit(ATA_12, filter->write_ok);
+	__set_bit(ATA_16, filter->read_ok);
+	__set_bit(ATA_16, filter->write_ok);
 }
 EXPORT_SYMBOL_GPL(blk_set_cmd_filter_defaults);
 
-- 
1.5.4.3


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] Allow ATA_ passthrough command through sg.
  2009-06-29 21:24 [PATCH] Allow ATA_ passthrough command through sg Gwendal Grignou
@ 2009-06-29 22:20 ` Alan Cox
  2009-06-29 23:26   ` Jeff Garzik
  2009-06-30  0:21 ` Douglas Gilbert
  1 sibling, 1 reply; 5+ messages in thread
From: Alan Cox @ 2009-06-29 22:20 UTC (permalink / raw)
  Cc: jens.axboe, linux-scsi, linux-ide, Gwendal Grignou

On Mon, 29 Jun 2009 14:24:25 -0700
Gwendal Grignou <gwendal@google.com> wrote:

> We can already send ATA specific commands using /dev/sd device files.
> This patch allow to use /dev/sg device files as well.

That seems a very very bad idea. The point of the filters is only to
allow through commands that are safe for all users with read or write
permission to use.

Backdooring it with arbitary passthrough ATA12/ATA16 commands doesn't
seem very wise.


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] Allow ATA_ passthrough command through sg.
  2009-06-29 22:20 ` Alan Cox
@ 2009-06-29 23:26   ` Jeff Garzik
  2009-06-29 23:39     ` Gwendal Grignou
  0 siblings, 1 reply; 5+ messages in thread
From: Jeff Garzik @ 2009-06-29 23:26 UTC (permalink / raw)
  To: Alan Cox; +Cc: Gwendal Grignou, jens.axboe, linux-scsi, linux-ide

Alan Cox wrote:
> On Mon, 29 Jun 2009 14:24:25 -0700
> Gwendal Grignou <gwendal@google.com> wrote:
> 
>> We can already send ATA specific commands using /dev/sd device files.
>> This patch allow to use /dev/sg device files as well.
> 
> That seems a very very bad idea. The point of the filters is only to
> allow through commands that are safe for all users with read or write
> permission to use.
> 
> Backdooring it with arbitary passthrough ATA12/ATA16 commands doesn't
> seem very wise.

Indeed.  This pretty much defeats the filter for all ATA commands, 
including ones that can brick your drive.

	Jeff




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] Allow ATA_ passthrough command through sg.
  2009-06-29 23:26   ` Jeff Garzik
@ 2009-06-29 23:39     ` Gwendal Grignou
  0 siblings, 0 replies; 5+ messages in thread
From: Gwendal Grignou @ 2009-06-29 23:39 UTC (permalink / raw)
  To: Jeff Garzik; +Cc: Alan Cox, jens.axboe, linux-scsi, linux-ide

Sorry for the noise: I thought I needed that change to send ATA
passthrough commands as root. The change is indeed useless and
dangerous.

Gwendal.

On Mon, Jun 29, 2009 at 4:26 PM, Jeff Garzik<jeff@garzik.org> wrote:
> Alan Cox wrote:
>>
>> On Mon, 29 Jun 2009 14:24:25 -0700
>> Gwendal Grignou <gwendal@google.com> wrote:
>>
>>> We can already send ATA specific commands using /dev/sd device files.
>>> This patch allow to use /dev/sg device files as well.
>>
>> That seems a very very bad idea. The point of the filters is only to
>> allow through commands that are safe for all users with read or write
>> permission to use.
>>
>> Backdooring it with arbitary passthrough ATA12/ATA16 commands doesn't
>> seem very wise.
>
> Indeed.  This pretty much defeats the filter for all ATA commands, including
> ones that can brick your drive.
>
>        Jeff
>
>
>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] Allow ATA_ passthrough command through sg.
  2009-06-29 21:24 [PATCH] Allow ATA_ passthrough command through sg Gwendal Grignou
  2009-06-29 22:20 ` Alan Cox
@ 2009-06-30  0:21 ` Douglas Gilbert
  1 sibling, 0 replies; 5+ messages in thread
From: Douglas Gilbert @ 2009-06-30  0:21 UTC (permalink / raw)
  To: Gwendal Grignou; +Cc: jens.axboe, linux-scsi, linux-ide

Strange, my utilities and packages like smartmontools
have been sending them through for at least three years.

I presume this patch allows non-root users to send these
commands. Might there be security implications if ATA
WRITE commands are sent through? Non-root users would
still need permissions on the sg device node (e.g.
/dev/sg1).

Doug Gilbert


Gwendal Grignou wrote:
> We can already send ATA specific commands using /dev/sd device files.
> This patch allow to use /dev/sg device files as well.
> 
> Signed-off-by: Gwendal Grignou <gwendal@google.com>
> ---
>  block/scsi_ioctl.c |    6 ++++++
>  1 files changed, 6 insertions(+), 0 deletions(-)
> 
> diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
> index 82a0ca2..93fa53e 100644
> --- a/block/scsi_ioctl.c
> +++ b/block/scsi_ioctl.c
> @@ -186,6 +186,12 @@ void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
>  	__set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
>  	__set_bit(GPCMD_SET_STREAMING, filter->write_ok);
>  	__set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
> +
> +	/* ATA Passthrough */
> +	__set_bit(ATA_12, filter->read_ok);
> +	__set_bit(ATA_12, filter->write_ok);
> +	__set_bit(ATA_16, filter->read_ok);
> +	__set_bit(ATA_16, filter->write_ok);
>  }
>  EXPORT_SYMBOL_GPL(blk_set_cmd_filter_defaults);
>  


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2009-06-30  0:21 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-06-29 21:24 [PATCH] Allow ATA_ passthrough command through sg Gwendal Grignou
2009-06-29 22:20 ` Alan Cox
2009-06-29 23:26   ` Jeff Garzik
2009-06-29 23:39     ` Gwendal Grignou
2009-06-30  0:21 ` Douglas Gilbert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).