Re: "Fix ATAPI transfer lengths" causes CD writing regression

From: Jeff Garzik
Date: Wed Oct 31 2007 - 12:06:16 EST


Jens Axboe wrote:
> Right, that's of course problematic... There has to be a way to recover
> that situation though, or you can't export any user command issue
> facility.

You cannot hope to handle all possible effects arising from an app providing an invalid sg header / cdb.

Once you start talking "recovery" you are already screwed: we are talking about low-level hardware commands that are passed straight to the hardware. It is trivial to lock up hardware, brick hardware, and corrupt data at that level.


If this is NOT a privileged app, we must update the command validation to ensure that invalid commands are not transported to the hardware.

If this is a privileged app, our work is done. Fix the app. We gave root rope, and he took it.


I even venture to say that "accept anything, clean up afterwards" is /impossible/ to implement, in addition to being dangerous.

Jeff
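
The "validate before transport" policy for unprivileged callers, sketched as an added example (not code from this thread or from the kernel). The `user_cmd` layout, the allow-list contents and `cmd_allowed()` are hypothetical; the privileged bypass mirrors the policy stated in the message.

```c
#include <stddef.h>
#include <stdint.h>

enum xfer_dir { DIR_NONE, DIR_FROM_DEV, DIR_TO_DEV };

/* Hypothetical request layout, loosely modelled on an sg header. */
struct user_cmd {
    const uint8_t *cdb; size_t cdb_len;    /* command bytes */
    enum xfer_dir dir;  size_t dxfer_len;  /* data phase */
};

/* CDB length implied by the opcode's group code (top three bits).
 * Returns 0 for the reserved and vendor-specific groups. */
static size_t cdb_len_for_opcode(uint8_t op)
{
    static const size_t len[8] = { 6, 10, 10, 0, 16, 12, 0, 0 };
    return len[op >> 5];
}

/* Constructed allow-list for unprivileged callers: opcode + direction. */
static const struct { uint8_t op; enum xfer_dir dir; } unpriv_ok[] = {
    { 0x00, DIR_NONE },      /* TEST UNIT READY */
    { 0x12, DIR_FROM_DEV },  /* INQUIRY */
    { 0x25, DIR_FROM_DEV },  /* READ CAPACITY(10) */
    { 0x28, DIR_FROM_DEV },  /* READ(10) */
    { 0x43, DIR_FROM_DEV },  /* READ TOC/PMA/ATIP */
};

/* Returns 1 if the command may go to the device, 0 if it is rejected. */
int cmd_allowed(const struct user_cmd *c, int privileged)
{
    if (!c || !c->cdb || c->cdb_len == 0)
        return 0;
    if (privileged)
        return 1;  /* policy from the message: root is not filtered */
    if (cdb_len_for_opcode(c->cdb[0]) != c->cdb_len)
        return 0;  /* header length disagrees with the opcode */
    if (c->dir == DIR_NONE && c->dxfer_len != 0)
        return 0;  /* data buffer supplied for a no-data command */
    for (size_t i = 0; i < sizeof unpriv_ok / sizeof unpriv_ok[0]; i++)
        if (unpriv_ok[i].op == c->cdb[0])
            return unpriv_ok[i].dir == c->dir;
    return 0;      /* default deny: opcode not on the list */
}

int main(void)
{
    static const uint8_t write10[10] = { 0x2A };  /* constructed WRITE(10) */
    struct user_cmd c = { write10, sizeof write10, DIR_TO_DEV, 2048 };
    return cmd_allowed(&c, 0);  /* exit status 0: rejected before dispatch */
}
```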

