Re: [PATCH 2/3] block: fail SCSI passthrough ioctls on partition devices

[Linus Torvalds]

On Thu, Jan 5, 2012 at 5:18 AM, Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
> Would you apply the patches as they are or do you want me to squash in
> something like this?
>
> diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
> index a6bedfe..bb94c88 100644
> --- a/block/scsi_ioctl.c
> +++ b/block/scsi_ioctl.c
> @@ -710,6 +710,14 @@ int scsi_verify_blk_ioctl(struct block_device *bd, unsigned int cmd)
>        case SG_SET_RESERVED_SIZE:
>        case SG_EMULATED_HOST:
>                return 0;
> +
> +       case CDROMEJECT:
> +               /* This is also unsafe for partition devices, but
> +                * "eject /mnt/usb-drive" invokes it.  Warn about it
> +                * and keep backwards compatibility.  */
> +               printk_ratelimited(KERN_WARNING
> +                                  "sending CDROMEJECT ioctl to a partition\n");
> +               return 0;
>        default:
>                break;
>        }

I think that right now the right thing to do woult probably to

 (a) print that warning - naming the actual ioctl number - for *every*
ioctl this disallows.

 (b) after warning, let them through for CAP_SYS_RAWIO, so that if
there are users of them, we will both know about them, _and_ we will
avoid breaking them if there are no security issues.

Hmm? Can you send such an updated patch, and we can get this in early
in the merge window, and start testing? I committed and pushed out the
ENOIOCTLCMD cleanup, let's see if that causes any problems..

                      Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/