1. 24 Nov, 2014 1 commit
  2. 10 Nov, 2014 1 commit
  3. 23 Oct, 2014 1 commit
    • Jan Kara's avatar
      scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND · 84ce0f0e
      Jan Kara authored
      When sg_scsi_ioctl() fails to prepare request to submit in
      blk_rq_map_kern() we jump to a label where we just end up copying
      (luckily zeroed-out) kernel buffer to userspace instead of reporting
      error. Fix the problem by jumping to the right label.
      
      CC: Jens Axboe <axboe@kernel.dk>
      CC: linux-scsi@vger.kernel.org
      CC: stable@vger.kernel.org
      Coverity-id: 1226871
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      
      Fixed up the, now unused, out label.
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      84ce0f0e
  4. 28 Aug, 2014 1 commit
    • Joe Lawrence's avatar
      block,scsi: fixup blk_get_request dead queue scenarios · a492f075
      Joe Lawrence authored
      The blk_get_request function may fail in low-memory conditions or during
      device removal (even if __GFP_WAIT is set). To distinguish between these
      errors, modify the blk_get_request call stack to return the appropriate
      ERR_PTR. Verify that all callers check the return status and consider
      IS_ERR instead of a simple NULL pointer check.
      
      For consistency, make a similar change to the blk_mq_alloc_request leg
      of blk_get_request.  It may fail if the queue is dead, or the caller was
      unwilling to wait.
      Signed-off-by: default avatarJoe Lawrence <joe.lawrence@stratus.com>
      Acked-by: Jiri Kosina <jkosina@suse.cz> [for pktdvd]
      Acked-by: Boaz Harrosh <bharrosh@panasas.com> [for osd]
      Reviewed-by: default avatarJeff Moyer <jmoyer@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      a492f075
  5. 26 Aug, 2014 2 commits
  6. 22 Aug, 2014 3 commits
  7. 01 Jul, 2014 2 commits
    • Douglas Gilbert's avatar
      block SG_IO: add SG_FLAG_Q_AT_HEAD flag · d1515613
      Douglas Gilbert authored
      After the SG_IO ioctl was copied into the block layer and
      later into the bsg driver, subtle differences emerged.
      
      One difference is the way injected commands are queued through
      the block layer (i.e. this is not SCSI device queueing nor SATA
      NCQ). Summarizing:
        - SG_IO on block layer device: blk_exec*(at_head=false)
        - sg device SG_IO: at_head=true
        - bsg device SG_IO: at_head=true
      
      Some time ago Boaz Harrosh introduced a sg v4 flag called
      BSG_FLAG_Q_AT_TAIL to override the bsg driver default. A
      recent patch titled: "sg: add SG_FLAG_Q_AT_TAIL flag"
      allowed the sg driver default to be overridden. This patch
      allows a SG_IO ioctl sent to a block layer device to have
      its default overridden.
      
      ChangeLog:
          - introduce SG_FLAG_Q_AT_HEAD flag in sg.h to cause
            commands that are injected via a block layer
            device SG_IO ioctl to set at_head=true
          - make comments clearer about queueing in sg.h since the
            header is used both by the sg device and block layer
            device implementations of the SG_IO ioctl.
          - introduce BSG_FLAG_Q_AT_HEAD in bsg.h for compatibility
            (it does nothing) and update comments.
      Signed-off-by: default avatarDouglas Gilbert <dgilbert@interlog.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Reviewed-by: default avatarMike Christie <michaelc@cs.wisc.edu>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      d1515613
    • Akinobu Mita's avatar
      block: fix SG_[GS]ET_RESERVED_SIZE ioctl when max_sectors is huge · 9b4231bf
      Akinobu Mita authored
      SG_GET_RESERVED_SIZE and SG_SET_RESERVED_SIZE ioctls access a reserved
      buffer in bytes as int type.  The value needs to be capped at the request
      queue's max_sectors.  But integer overflow is not correctly handled in
      the calculation when converting max_sectors from sectors to bytes.
      Signed-off-by: default avatarAkinobu Mita <akinobu.mita@gmail.com>
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
      Cc: Douglas Gilbert <dgilbert@interlog.com>
      Cc: linux-scsi@vger.kernel.org
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      9b4231bf
  8. 06 Jun, 2014 1 commit
    • Jens Axboe's avatar
      block: add blk_rq_set_block_pc() · f27b087b
      Jens Axboe authored
      With the optimizations around not clearing the full request at alloc
      time, we are leaving some of the needed init for REQ_TYPE_BLOCK_PC
      up to the user allocating the request.
      
      Add a blk_rq_set_block_pc() that sets the command type to
      REQ_TYPE_BLOCK_PC, and properly initializes the members associated
      with this type of request. Update callers to use this function instead
      of manipulating rq->cmd_type directly.
      
      Includes fixes from Christoph Hellwig <hch@lst.de> for my half-assed
      attempt.
      Signed-off-by: default avatarJens Axboe <axboe@fb.com>
      f27b087b
  9. 29 May, 2014 1 commit
  10. 22 Jan, 2014 1 commit
  11. 08 Nov, 2013 1 commit
  12. 08 May, 2013 1 commit
  13. 15 Jun, 2012 1 commit
    • Jan Kara's avatar
      scsi: Silence unnecessary warnings about ioctl to partition · 6d935928
      Jan Kara authored
      Sometimes, warnings about ioctls to partition happen often enough that they
      form majority of the warnings in the kernel log and users complain. In some
      cases warnings are about ioctls such as SG_IO so it's not good to get rid of
      the warnings completely as they can ease debugging of userspace problems
      when ioctl is refused.
      
      Since I have seen warnings from lots of commands, including some proprietary
      userspace applications, I don't think disallowing the ioctls for processes
      with CAP_SYS_RAWIO will happen in the near future if ever. So lets just
      stop warning for processes with CAP_SYS_RAWIO for which ioctl is allowed.
      
      CC: Paolo Bonzini <pbonzini@redhat.com>
      CC: James Bottomley <JBottomley@parallels.com>
      CC: linux-scsi@vger.kernel.org
      Acked-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarJan Kara <jack@suse.cz>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      6d935928
  14. 14 Jan, 2012 2 commits
    • Paolo Bonzini's avatar
      block: fail SCSI passthrough ioctls on partition devices · 0bfc96cb
      Paolo Bonzini authored
      Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
      will pass the command to the underlying block device.  This is
      well-known, but it is also a large security problem when (via Unix
      permissions, ACLs, SELinux or a combination thereof) a program or user
      needs to be granted access only to part of the disk.
      
      This patch lets partitions forward a small set of harmless ioctls;
      others are logged with printk so that we can see which ioctls are
      actually sent.  In my tests only CDROM_GET_CAPABILITY actually occurred.
      Of course it was being sent to a (partition on a) hard disk, so it would
      have failed with ENOTTY and the patch isn't changing anything in
      practice.  Still, I'm treating it specially to avoid spamming the logs.
      
      In principle, this restriction should include programs running with
      CAP_SYS_RAWIO.  If for example I let a program access /dev/sda2 and
      /dev/sdb, it still should not be able to read/write outside the
      boundaries of /dev/sda2 independent of the capabilities.  However, for
      now programs with CAP_SYS_RAWIO will still be allowed to send the
      ioctls.  Their actions will still be logged.
      
      This patch does not affect the non-libata IDE driver.  That driver
      however already tests for bd != bd->bd_contains before issuing some
      ioctl; it could be restricted further to forbid these ioctls even for
      programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.
      
      Cc: linux-scsi@vger.kernel.org
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: James Bottomley <JBottomley@parallels.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      [ Make it also print the command name when warning - Linus ]
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      0bfc96cb
    • Paolo Bonzini's avatar
      block: add and use scsi_blk_cmd_ioctl · 577ebb37
      Paolo Bonzini authored
      Introduce a wrapper around scsi_cmd_ioctl that takes a block device.
      
      The function will then be enhanced to detect partition block devices
      and, in that case, subject the ioctls to whitelisting.
      
      Cc: linux-scsi@vger.kernel.org
      Cc: Jens Axboe <axboe@kernel.dk>
      Cc: James Bottomley <JBottomley@parallels.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      577ebb37
  15. 19 Oct, 2011 1 commit
    • Tejun Heo's avatar
      block: drop unnecessary blk_get/put_queue() in scsi_cmd_ioctl() and blk_get_tg() · 315fceee
      Tejun Heo authored
      blk_get/put_queue() in scsi_cmd_ioctl() and throtl_get_tg() are
      completely bogus.  The caller must have a reference to the queue on
      entry and taking an extra reference doesn't change anything.
      
      For scsi_cmd_ioctl(), the only effect is that it ends up checking
      QUEUE_FLAG_DEAD on entry; however, this is bogus as queue can die
      right after blk_get_queue().  Dead queue should be and is handled in
      request issue path (it's somewhat broken now but that's a separate
      problem and doesn't affect this one much).
      
      throtl_get_tg() incorrectly assumes that q is rcu freed.  Also, it
      doesn't check return value of blk_get_queue().  If the queue is
      already dead, it ends up doing an extra put.
      
      Drop them.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
      315fceee
  16. 10 Nov, 2010 1 commit
  17. 04 Nov, 2009 1 commit
  18. 10 Jul, 2009 1 commit
  19. 01 Jul, 2009 1 commit
    • Jens Axboe's avatar
      block: get rid of queue-private command filter · 018e0446
      Jens Axboe authored
      The initial patches to support this through sysfs export were broken
      and have been if 0'ed out in any release. So lets just kill the code
      and reclaim some space in struct request_queue, if anyone would later
      like to fixup the sysfs bits, the git history can easily restore
      the removed bits.
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      018e0446
  20. 22 May, 2009 1 commit
  21. 11 May, 2009 1 commit
    • Tejun Heo's avatar
      block: add rq->resid_len · c3a4d78c
      Tejun Heo authored
      rq->data_len served two purposes - the length of data buffer on issue
      and the residual count on completion.  This duality creates some
      headaches.
      
      First of all, block layer and low level drivers can't really determine
      what rq->data_len contains while a request is executing.  It could be
      the total request length or it coulde be anything else one of the
      lower layers is using to keep track of residual count.  This
      complicates things because blk_rq_bytes() and thus
      [__]blk_end_request_all() relies on rq->data_len for PC commands.
      Drivers which want to report residual count should first cache the
      total request length, update rq->data_len and then complete the
      request with the cached data length.
      
      Secondly, it makes requests default to reporting full residual count,
      ie. reporting that no data transfer occurred.  The residual count is
      an exception not the norm; however, the driver should clear
      rq->data_len to zero to signify the normal cases while leaving it
      alone means no data transfer occurred at all.  This reverse default
      behavior complicates code unnecessarily and renders block PC on some
      drivers (ide-tape/floppy) unuseable.
      
      This patch adds rq->resid_len which is used only for residual count.
      
      While at it, remove now unnecessasry blk_rq_bytes() caching in
      ide_pc_intr() as rq->data_len is not changed anymore.
      
      Boaz	: spotted missing conversion in osd
      Sergei	: spotted too early conversion to blk_rq_bytes() in ide-tape
      
      [ Impact: cleanup residual count handling, report 0 resid by default ]
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
      Cc: Borislav Petkov <petkovbb@googlemail.com>
      Cc: Sergei Shtylyov <sshtylyov@ru.mvista.com>
      Cc: Mike Miller <mike.miller@hp.com>
      Cc: Eric Moore <Eric.Moore@lsi.com>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Cc: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Cc: Doug Gilbert <dgilbert@interlog.com>
      Cc: Mike Miller <mike.miller@hp.com>
      Cc: Eric Moore <Eric.Moore@lsi.com>
      Cc: Darrick J. Wong <djwong@us.ibm.com>
      Cc: Pete Zaitcev <zaitcev@redhat.com>
      Cc: Boaz Harrosh <bharrosh@panasas.com>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      c3a4d78c
  22. 28 Apr, 2009 2 commits
  23. 22 Apr, 2009 1 commit
    • Tejun Heo's avatar
      block: fix SG_IO vector request data length handling · 25636e28
      Tejun Heo authored
      Impact: fix SG_IO behavior such that it matches the documentation
      
      SG_IO howto says that if ->dxfer_len and sum of iovec disagress, the
      shorter one wins.  However, the current implementation returns -EINVAL
      for such cases.  Trim iovc if it's longer than ->dxfer_len.
      
      This patch uses iov_*() helpers which take struct iovec * by casting
      struct sg_iovec * to it.  sg_iovec is always identical to iovec and
      this will be further cleaned up with later patches.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      25636e28
  24. 15 Apr, 2009 1 commit
  25. 26 Mar, 2009 1 commit
  26. 29 Dec, 2008 1 commit
  27. 05 Dec, 2008 1 commit
  28. 21 Oct, 2008 4 commits
  29. 09 Oct, 2008 3 commits
    • FUJITA Tomonori's avatar
      block: introduce struct rq_map_data to use reserved pages · 152e283f
      FUJITA Tomonori authored
      This patch introduces struct rq_map_data to enable bio_copy_use_iov()
      use reserved pages.
      
      Currently, bio_copy_user_iov allocates bounce pages but
      drivers/scsi/sg.c wants to allocate pages by itself and use
      them. struct rq_map_data can be used to pass allocated pages to
      bio_copy_user_iov.
      
      The current users of bio_copy_user_iov simply passes NULL (they don't
      want to use pre-allocated pages).
      Signed-off-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Cc: Jens Axboe <jens.axboe@oracle.com>
      Cc: Douglas Gilbert <dougg@torque.net>
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      152e283f
    • FUJITA Tomonori's avatar
      block: add gfp_mask argument to blk_rq_map_user and blk_rq_map_user_iov · a3bce90e
      FUJITA Tomonori authored
      Currently, blk_rq_map_user and blk_rq_map_user_iov always do
      GFP_KERNEL allocation.
      
      This adds gfp_mask argument to blk_rq_map_user and blk_rq_map_user_iov
      so sg can use it (sg always does GFP_ATOMIC allocation).
      Signed-off-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
      Signed-off-by: default avatarDouglas Gilbert <dougg@torque.net>
      Cc: Mike Christie <michaelc@cs.wisc.edu>
      Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      a3bce90e
    • xiphmont@xiph.org's avatar
      SG_IO block filter whitelist missing MMC SET READ AHEAD command · 35e396cd
      xiphmont@xiph.org authored
      I have another request for the block filter SG_IO command whitelist,
      specifically the MMC streaming command set SET READ AHEAD command.
      The command applies only to MMC CDROM/DVDROM drives with the streaming
      optional feature set.  The command is useful to cdparanoia in that it
      allows explicit cache control side effects that are, on many drives,
      cdparanoia's most efficient way to flush/disable the media cache on
      cdrom drives. I am aware of no reason why it should not be accessible
      from usespace.
      
      Also note that the command is already fully accessible through the
      SCSI-native version of the SG_IO ioctl as well as the traditional SG
      interface.  The command is only being refused on block devices.  That
      means that on a typical stock distro, the command is available through
      /dev/sg* but not /dev/scd* although both are typically available and
      accessible.  Filtering the command is not providing any protection,
      only a confusing inconsistency.
      Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
      35e396cd