[RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist

From: Paolo Bonzini
Date: Mon May 27 2013 - 09:50:37 EST

Next message: Paolo Bonzini: "[RFC PATCH 1/4] block: add back queue-private command filter"
Previous message: Mayuresh Kulkarni: "[PATCH] drm/tegra: add support for runtime pm"
Next in thread: Paolo Bonzini: "[RFC PATCH 1/4] block: add back queue-private command filter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 12 Sep 2012 09:05:41 +0100, James Bottomley wrote:
> This is why the whole filter thing was mutable via sysfs. That way the
> admin could set this up per device. It sounds like this is what you
> want to fix, rather than opening up more holes in an already leaky
> security apparatus. The ideal is that we would be much more restrictive
> by default and give root the ability to override this both globally and
> per-device to conform to whatever policy it has for the virtual
> environments.
>
> The patch which removed all of the sysfs pieces was:
>
> commit 018e0446890661504783f92388ecce7138c1566d
> Author: Jens Axboe <jens.axboe@xxxxxxxxxx>
> Date: Fri Jun 26 16:27:10 2009 +0200
>
> block: get rid of queue-private command filter
>
> So that's probably the place to start for putting it back properly.

[https://lkml.org/lkml/2012/9/12/76]

We've been running in circles for nine months now. Let's restart from
the maintainer's suggestion, which was probably dismissed too quickly.

This is still not a complete solution, because /dev/sgN does not have
access to its queue object. Still, it can be a base for discussion.

If accepted (in a complete form with access to the queue object for
non-block devices), this series removes the need to fix the opcode
conflicts as far as I'm concerned. We could just consider that a
feature of CONFIG_BLK_DEV_SG_FILTER_MMC.

Previously posted at https://lkml.org/lkml/2012/9/25/397 (short thread).
Rebased just fine, this one is compile-tested only.

Paolo

Paolo Bonzini (4):
block: add back queue-private command filter
scsi: create an all-zero filter for scanners
block: add back command filter modification via sysfs
scsi: lock out SG_IO by default to unprivileged users

Documentation/block/queue-sysfs.txt | 16 +++++
block/Kconfig | 22 ++++++
block/blk-sysfs.c | 43 ++++++++++++
block/bsg.c | 2 +-
block/scsi_ioctl.c | 131 +++++++++++++++++++++++++++++++-----
drivers/scsi/scsi_scan.c | 8 ++-
drivers/scsi/sg.c | 7 +-
include/linux/blkdev.h | 31 ++++++++-
8 files changed, 238 insertions(+), 22 deletions(-)

--
1.8.1.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paolo Bonzini: "[RFC PATCH 1/4] block: add back queue-private command filter"
Previous message: Mayuresh Kulkarni: "[PATCH] drm/tegra: add support for runtime pm"
Next in thread: Paolo Bonzini: "[RFC PATCH 1/4] block: add back queue-private command filter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]