From: Paolo Bonzini <pbonzini@redhat.com>
To: Tejun Heo <tj@kernel.org>
Cc: linux-kernel@vger.kernel.org, pmatouse@redhat.com,
"James E.J. Bottomley" <JBottomley@parallels.com>,
linux-scsi@kernel.org, Jens Axboe <axboe@kernel.dk>
Subject: Re: [PATCH 06/13] sg_io: whitelist a few more commands for multimedia devices
Date: Sat, 26 Jan 2013 11:18:01 +0100 [thread overview]
Message-ID: <5103AD59.2050509@redhat.com> (raw)
In-Reply-To: <20130125234714.GR3081@htj.dyndns.org>
Il 26/01/2013 00:47, Tejun Heo ha scritto:
>> > If I make a whitelist with all the commands that Linux sends, I'll have
>> > many new commands in the whitelist and no old commands. The new
>> > commands didn't exist when old drives were sold, so they are "dangerous"
>> > in your opinion. At that point I might as well keep the whitelist
>> > empty, no?
> Let's not go to extremes. It's not about theoretic correctness.
Once you start looking at what is already in the list, you'll see that
your problem is entirely theoretical, and any choice is going to be arbitrary.
There are already plenty of enabled commands that are not implemented by
most SCSI devices (not just cheap USB enclosures), and I don't see what
the difference should be between say "LOG SELECT" and "ORWRITE".
> It's about how to appraoch a possibly messy practical problem. To me,
> it seems natural to be conservative on this and add what's being
> acitvely used, which as a bonus will also give us at least some
> chance of evaluating what we have and why later on if it ever needs
> to be changed.
>
> I'm just not comfortable with adding a bunch of commands by simply
> scanning the specs. Let's at least have some backing data and
> justification for exposing new ones. I really don't think that's too
> much to ask. Start with minimal set. Grow it as needed. We can
> always grow but the other direction is much harder.
Ok, so I looked at the list. The vast majority of the commands are
added because Linux itself is using them.
Considering only commands that have a "D" (i.e. are supported by
"normal" disks), these maybe can be removed from patch 9. Probably
no one would notice:
+ sgio_bitmap_set(0x07, D| W| O , write); // REASSIGN BLOCKS
+ sgio_bitmap_set(0x29, D| W|R|O , read); // READ GENERATION
+ sgio_bitmap_set(0x2C, D| R|O , write); // ERASE(10)
+ sgio_bitmap_set(0x8B, D , write); // ORWRITE
These two are no-ops so I won't cry too much for them:
+ sgio_bitmap_set(0x34, D| W| O| K , read); // PRE-FETCH(10)
+ sgio_bitmap_set(0x90, D| W| O| B , read); // PRE-FETCH(16)
Everything else has to stay.
For tapes and media changers, all of the commands have to stay.
Paolo
next prev parent reply other threads:[~2013-01-26 10:18 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-24 15:00 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) Paolo Bonzini
2013-01-24 15:00 ` [PATCH 01/13] sg_io: pass request_queue to blk_verify_command Paolo Bonzini
2013-01-24 22:34 ` Tejun Heo
2013-01-24 15:00 ` [PATCH 02/13] sg_io: reorganize list of allowed commands Paolo Bonzini
2013-01-24 22:42 ` Tejun Heo
2013-01-24 22:49 ` Tejun Heo
2013-01-24 22:58 ` Tejun Heo
2013-01-25 10:01 ` Paolo Bonzini
2013-01-25 17:13 ` Tejun Heo
2013-01-25 17:26 ` Paolo Bonzini
2013-01-24 15:00 ` [PATCH 03/13] sg_io: use different default filters for each device class Paolo Bonzini
2013-01-24 15:00 ` [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) Paolo Bonzini
2013-01-24 15:00 ` [PATCH 05/13] sg_io: whitelist a few more commands for rare & obsolete device types Paolo Bonzini
2013-01-24 15:00 ` [PATCH 06/13] sg_io: whitelist a few more commands for multimedia devices Paolo Bonzini
2013-01-24 22:55 ` Tejun Heo
2013-01-25 9:26 ` Paolo Bonzini
2013-01-25 17:04 ` Tejun Heo
2013-01-25 17:16 ` Paolo Bonzini
2013-01-25 17:28 ` Tejun Heo
2013-01-25 17:57 ` Paolo Bonzini
2013-01-25 18:13 ` Tejun Heo
2013-01-25 18:47 ` Paolo Bonzini
2013-01-25 19:01 ` Tejun Heo
2013-01-25 22:32 ` Paolo Bonzini
2013-01-25 22:41 ` Tejun Heo
2013-01-25 23:32 ` Paolo Bonzini
2013-01-25 23:47 ` Tejun Heo
2013-01-26 10:18 ` Paolo Bonzini [this message]
2013-01-24 15:00 ` [PATCH 07/13] sg_io: whitelist a few more commands for media changers Paolo Bonzini
2013-01-24 15:00 ` [PATCH 08/13] sg_io: whitelist a few more commands for tapes Paolo Bonzini
2013-01-24 15:00 ` [PATCH 09/13] sg_io: whitelist a few more commands for disks Paolo Bonzini
2013-01-24 15:00 ` [PATCH 10/13] sg_io: whitelist a few obsolete commands Paolo Bonzini
2013-01-24 15:00 ` [PATCH 11/13] sg_io: add list of commands that were in the consulted list but are disabled Paolo Bonzini
2013-01-24 15:00 ` [PATCH 12/13] sg_io: remove remnants of sysfs SG_IO filters Paolo Bonzini
2013-01-24 15:00 ` [PATCH 13/13] sg_io: introduce unpriv_sgio queue flag Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5103AD59.2050509@redhat.com \
--to=pbonzini@redhat.com \
--cc=JBottomley@parallels.com \
--cc=axboe@kernel.dk \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@kernel.org \
--cc=pmatouse@redhat.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).