From: Mark Lord <kernel@teksavvy.com>
To: IDE/ATA development list <linux-ide@vger.kernel.org>
Subject: Problem: security locked disk and partition table read..
Date: Tue, 18 Jan 2011 23:52:01 -0500 [thread overview]
Message-ID: <4D366DF1.3000303@teksavvy.com> (raw)
I was sorting through drives here today, and found one that
was "security locked" (had a user passwd set on it),
and for which I did not know the password.
So I hotplugged it to my SiI-3132 card, with the intent
of simply erasing the drive (thereby clearing the passwd)
using hdparm.
Except.. the kernel (?) sat there for a very long time trying
(and failing) over and over and over and over and over and over
to read sector-0 (the partition table). Of course the reads
each failed, and then got retried 5-times by SCSI, and then
retried again a zillion times at a higher level.
There's no hope of a read (or write) ever succeeding on a
security locked drive. So why do we even bother allowing them?
To fix the problem at hand, I patched libata-scsi.c to simply
fail any command other that ATA_12 or ATA_16 (passthru).
This resulted in 56 occurences of this in syslog
when the drive was subsequently powered on:
[ 11.050986] ata_scsi_translate: blocking SCSI op 0x28 ATA op 0x60
[ 11.050991] sd 2:0:0:0: [sdb] Result: hostbyte=0x00 driverbyte=0x08
[ 11.050994] sd 2:0:0:0: [sdb] Sense Key : 0x5 [current]
[ 11.050998] sd 2:0:0:0: [sdb] ASC=0x21 ASCQ=0x0
[ 11.051001] sd 2:0:0:0: [sdb] CDB: cdb[0]=0x28: 28 00 00 00 00 00 00 00 08 00
[ 11.051008] end_request: I/O error, dev sdb, sector 0
Why so many attempts to read the partition table???
Anyway, here's the hack I used:
--- a/drivers/ata/libata-scsi.c 2010-12-09 20:39:24.401410310 -0500
+++ b/drivers/ata/libata-scsi.c 2011-01-18 20:04:06.017446657 -0500
@@ -1819,7 +1819,15 @@
if (xlat_func(qc))
goto early_finish;
-
+ /* don't flog a dead horse, err.. drive, if it is security-locked */
+ if (cmd->cmnd[0] != ATA_12 && cmd->cmnd[0] != ATA_16) {
+ if (dev->id[128] & (1<<2)) { /* locked? */
+ printk(KERN_INFO "%s: blocking SCSI op 0x%02x ATA op 0x%02x\n", __func__,
cmd->cmnd[0], qc->tf.command);
+ ata_scsi_set_sense(cmd, ILLEGAL_REQUEST, 0x21, 0x0);
+ goto early_finish;
+ }
+ }
+
if (ap->ops->qc_defer) {
if ((rc = ap->ops->qc_defer(qc)))
goto defer;
Ideally, that should get re-coded to block only READ/WRITE accesses,
and allow all other commands through, but it worked well enough for
the situation at hand. After the quick failure of the 56 attempts
to read the partition table, I was then able to use hdparm to issue
the security-erase command to clear out the drive.
Suggestions?
Anyone want to gain fame and fortune (well, fame anyway) by implementing
this more properly?
Cheers
next reply other threads:[~2011-01-19 4:52 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-19 4:52 Mark Lord [this message]
2011-01-19 15:08 ` Problem: security locked disk and partition table read Tejun Heo
2011-07-06 11:41 ` Alan Cox
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D366DF1.3000303@teksavvy.com \
--to=kernel@teksavvy.com \
--cc=linux-ide@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).