[bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Luke Kenneth Casson Leighton]

kernel 2.6.8.  ioctl ("/dev/hdc", CDROM_SEND_PACKET, cmd)

commands that are failing as non-root, even when permission is granted
rwxrwxrwx to /dev/hdc, are, according to some debug info added to k3b:

	GET CONFIGURATION (46)
	error code: 0
	sense key: NO SENSE (2)
	asc: 0
	ascq: 0

and:

	MODE SELECT (55)
	error code: 0
	sense key: NO SENSE (2)
	asc: 0
	ascq: 0

the result is that k3b cannot determine that the drive exists, therefore
it cannot use it even though cdrecord might actually work.


as root, the following errors occur:

	MODE SELECT (46)
	errorcode: 70
	sense key: ILLEGAL REQUEST (5)
	asc: 26
	ascq: 0

	READ DVD STRUCTURE (ad)
	errorcode: 70
	sense key: NOT READY (2)
	asc: 3a
	ascq: 0

presumably it can be concluded that the GET CONFIGURATION ioctl command
is the one at fault.

... what gives?

l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Jens Axboe]

On Mon, Oct 04 2004, Luke Kenneth Casson Leighton wrote:
> kernel 2.6.8.  ioctl ("/dev/hdc", CDROM_SEND_PACKET, cmd)

please search the archives, this has been discussed extensively over the
last month. frankly, I don't know how you were even able to miss it :)

-- 
Jens Axboe

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Luke Kenneth Casson Leighton]

On Mon, Oct 04, 2004 at 02:59:37PM +0200, Jens Axboe wrote:
> On Mon, Oct 04 2004, Luke Kenneth Casson Leighton wrote:
> > kernel 2.6.8.  ioctl ("/dev/hdc", CDROM_SEND_PACKET, cmd)
> 
> please search the archives, this has been discussed extensively over the
> last month. frankly, I don't know how you were even able to miss it :)
 
 by not subscribing to the list, and searching for things as-and-when.
 ... i _did_ do a google search first, though, i promise!

 "linux kernel cdrom ioctl CDROM_SEND_PACKET" gave this:

	 http://www.cs.helsinki.fi/linux/linux-kernel/2003-13/0617.html

 which isn't exactly this month...

 l.

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Sean Neakums]

Luke Kenneth Casson Leighton <lkcl@lkcl.net> writes:

> kernel 2.6.8.  ioctl ("/dev/hdc", CDROM_SEND_PACKET, cmd)
>
> commands that are failing as non-root, even when permission is granted
> rwxrwxrwx to /dev/hdc, are, according to some debug info added to k3b:
>
> 	GET CONFIGURATION (46)
> 	error code: 0
> 	sense key: NO SENSE (2)
> 	asc: 0
> 	ascq: 0
>
> and:
>
> 	MODE SELECT (55)
> 	error code: 0
> 	sense key: NO SENSE (2)
> 	asc: 0
> 	ascq: 0
>
> the result is that k3b cannot determine that the drive exists, therefore
> it cannot use it even though cdrecord might actually work.
>
>
> as root, the following errors occur:
>
> 	MODE SELECT (46)
> 	errorcode: 70
> 	sense key: ILLEGAL REQUEST (5)
> 	asc: 26
> 	ascq: 0
>
> 	READ DVD STRUCTURE (ad)
> 	errorcode: 70
> 	sense key: NOT READY (2)
> 	asc: 3a
> 	ascq: 0
>
> presumably it can be concluded that the GET CONFIGURATION ioctl command
> is the one at fault.
>
> ... what gives?

CDROM_SEND_PACKET calls down to sg_io, which calls verify_command,
which will not permit anyone but root to use any unrecognised
commands.  GET CONFIGURATION does not seems to be one of those
recognised.  This check for unrecognised commands is a fairly recent
addition, IIRC.

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Jens Axboe]

On Mon, Oct 04 2004, Sean Neakums wrote:
> CDROM_SEND_PACKET calls down to sg_io, which calls verify_command,
> which will not permit anyone but root to use any unrecognised
> commands.  GET CONFIGURATION does not seems to be one of those
> recognised.  This check for unrecognised commands is a fairly recent
> addition, IIRC.

2.6.8 didn't have any command granularity, you must be root to issue any
comand there.

-- 
Jens Axboe

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Sean Neakums]

Jens Axboe <axboe@suse.de> writes:

> On Mon, Oct 04 2004, Sean Neakums wrote:
>> CDROM_SEND_PACKET calls down to sg_io, which calls verify_command,
>> which will not permit anyone but root to use any unrecognised
>> commands.  GET CONFIGURATION does not seems to be one of those
>> recognised.  This check for unrecognised commands is a fairly recent
>> addition, IIRC.
>
> 2.6.8 didn't have any command granularity, you must be root to issue any
> comand there.

I was looking at 2.6.8.1 when I wrote the above, although it's
possible my eye skipped over something.

verify_command certainly seems to do the check:

http://lxr.linux.no/source/drivers/block/scsi_ioctl.c?v=2.6.8.1#L113

And it looks the same in the 2.6.8 tree I have here, too.

(Not trying to be an ass, just concerned about my reading comprehension.)

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Jens Axboe]

On Mon, Oct 04 2004, Sean Neakums wrote:
> Jens Axboe <axboe@suse.de> writes:
> 
> > On Mon, Oct 04 2004, Sean Neakums wrote:
> >> CDROM_SEND_PACKET calls down to sg_io, which calls verify_command,
> >> which will not permit anyone but root to use any unrecognised
> >> commands.  GET CONFIGURATION does not seems to be one of those
> >> recognised.  This check for unrecognised commands is a fairly recent
> >> addition, IIRC.
> >
> > 2.6.8 didn't have any command granularity, you must be root to issue any
> > comand there.
> 
> I was looking at 2.6.8.1 when I wrote the above, although it's
> possible my eye skipped over something.
> 
> verify_command certainly seems to do the check:
> 
> http://lxr.linux.no/source/drivers/block/scsi_ioctl.c?v=2.6.8.1#L113
> 
> And it looks the same in the 2.6.8 tree I have here, too.

You are right, it was added before, my recollection of the events
apparently isn't so good either. You are right in that GET_CONFIGURATION
was added later, post 2.6.8 release.

> (Not trying to be an ass, just concerned about my reading comprehension.)

:-)

-- 
Jens Axboe

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Luke Kenneth Casson Leighton]

On Mon, Oct 04, 2004 at 02:49:39PM +0100, Sean Neakums wrote:
> Jens Axboe <axboe@suse.de> writes:
> 
> > On Mon, Oct 04 2004, Sean Neakums wrote:
> >> CDROM_SEND_PACKET calls down to sg_io, which calls verify_command,
> >> which will not permit anyone but root to use any unrecognised
> >> commands.  GET CONFIGURATION does not seems to be one of those
> >> recognised.  This check for unrecognised commands is a fairly recent
> >> addition, IIRC.
> >
> > 2.6.8 didn't have any command granularity, you must be root to issue any
> > comand there.
> 
> I was looking at 2.6.8.1 when I wrote the above, although it's
> possible my eye skipped over something.
 
  ah yes now i have found the issue i have a confession to make,
  i'm actually running 2.6.8.1-selinux1.

  i didn't want to mention that in case it was selinux that was the
  problem :)

  l.

Re: [bug] 2.6.8: CDROM_SEND_PACKET ioctls failing as non-root on ide scsi drives

[Luke Kenneth Casson Leighton]

[-- Attachment #1: Type: text/plain, Size: 774 bytes --]

On Mon, Oct 04, 2004 at 02:30:03PM +0100, Sean Neakums wrote:

> > ... what gives?
> 
> CDROM_SEND_PACKET calls down to sg_io, which calls verify_command,
> which will not permit anyone but root to use any unrecognised
> commands.  GET CONFIGURATION does not seems to be one of those
> recognised.  

 oh, right, i didn't think of checking that. 

 so if i just add that command, everything works hunky-dory.

 well, i'll try it!

 l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


[-- Attachment #2: scsi_ioctl.diff --]
[-- Type: text/plain, Size: 588 bytes --]

Index: drivers/block/scsi_ioctl.c
===================================================================
RCS file: /cvsroot/selinux/nsa/linux-2.6/drivers/block/scsi_ioctl.c,v
retrieving revision 1.1.1.9
diff -u -r1.1.1.9 scsi_ioctl.c
--- drivers/block/scsi_ioctl.c	19 Aug 2004 14:25:16 -0000	1.1.1.9
+++ drivers/block/scsi_ioctl.c	4 Oct 2004 14:07:25 -0000
@@ -146,6 +146,7 @@
 		safe_for_read(GPCMD_READ_TOC_PMA_ATIP),
 		safe_for_read(GPCMD_REPORT_KEY),
 		safe_for_read(GPCMD_SCAN),
+		safe_for_read(GPCMD_GET_CONFIGURATION),
 
 		/* Basic writing commands */
 		safe_for_write(WRITE_6),