search for: sg_io

From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from the underlying host device to be read and written. Significantly, neither qemu nor the host kernel checks that the range of sectors is within the partition /...

...it, because it gives cap_sys_rawio+ep to all the kvm processes executed from this binary. I believe following patches, which are not merged yet, are trying to solve this problem in a different approach. - [PATCH v3 part2] Add per-device sysfs knob to enable unrestricted, unprivileged SG_IO https://lkml.org/lkml/2013/5/23/294 - [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist https://lkml.org/lkml/2013/5/27/230 Any comments on this? Masaki

On Wed, Dec 11, 2019 at 09:42:49PM +0100, Arnd Bergmann wrote: > Each driver calling scsi_ioctl() gets an equivalent compat_ioctl() > handler that implements the same commands by calling scsi_compat_ioctl(). > > The scsi_cmd_ioctl() and scsi_cmd_blk_ioctl() functions are compatible > at this point, so any driver that calls those can do so for both native > and compat mode, with

On Wed, Dec 11, 2019 at 09:42:49PM +0100, Arnd Bergmann wrote: > Each driver calling scsi_ioctl() gets an equivalent compat_ioctl() > handler that implements the same commands by calling scsi_compat_ioctl(). > > The scsi_cmd_ioctl() and scsi_cmd_blk_ioctl() functions are compatible > at this point, so any driver that calls those can do so for both native > and compat mode, with

...les changed, 53 insertions(+), 35 deletions(-) diff --git a/hw/megasas.c b/hw/megasas.c index a57e8e0..f32b313 100644 --- a/hw/megasas.c +++ b/hw/megasas.c @@ -661,40 +661,55 @@ static int megasas_handle_scsi(MPTState *s, uint8_t fcmd, } } - memset(&cmd->hdr, 0, sizeof(struct sg_io_hdr)); - cmd->hdr.interface_id = 'S'; - cmd->hdr.cmd_len = cdb_len; - cmd->hdr.cmdp = cdb; - cmd->hdr.iovec_count = cmd->sge_count; - cmd->hdr.dxferp = cmd->iov; - for (n = 0; n < cmd->sge_count; n++) - cmd->hdr.dxfer_len += cmd->iov[n].iov...

...les changed, 53 insertions(+), 35 deletions(-) diff --git a/hw/megasas.c b/hw/megasas.c index a57e8e0..f32b313 100644 --- a/hw/megasas.c +++ b/hw/megasas.c @@ -661,40 +661,55 @@ static int megasas_handle_scsi(MPTState *s, uint8_t fcmd, } } - memset(&cmd->hdr, 0, sizeof(struct sg_io_hdr)); - cmd->hdr.interface_id = 'S'; - cmd->hdr.cmd_len = cdb_len; - cmd->hdr.cmdp = cdb; - cmd->hdr.iovec_count = cmd->sge_count; - cmd->hdr.dxferp = cmd->iov; - for (n = 0; n < cmd->sge_count; n++) - cmd->hdr.dxfer_len += cmd->iov[n].iov...

...+01:00 Christoph Hellwig <hch at lst.de>: > Most users of BLOCK_PC requests allocate the sense buffer on the stack, > so to avoid DMA to the stack copy them to a field in the heap allocated > virtblk_req structure. Without that any attempt at SCSI passthrough I/O, > including the SG_IO ioctl from userspace will crash the kernel. Note that > this includes running tools like hdparm even when the host does not have > SCSI passthrough enabled. This sounds scary. Could you share how to reproduce it, this should go into stable if it's the case. Thanks, Jinpu > > Sig...

...+01:00 Christoph Hellwig <hch at lst.de>: > Most users of BLOCK_PC requests allocate the sense buffer on the stack, > so to avoid DMA to the stack copy them to a field in the heap allocated > virtblk_req structure. Without that any attempt at SCSI passthrough I/O, > including the SG_IO ioctl from userspace will crash the kernel. Note that > this includes running tools like hdparm even when the host does not have > SCSI passthrough enabled. This sounds scary. Could you share how to reproduce it, this should go into stable if it's the case. Thanks, Jinpu > > Sig...

Without this fix attempts to do scsi passthrough on virtio_blk will crash the system on virtually mapped stacks, which is something happening during boot with many distros.

Without this fix attempts to do scsi passthrough on virtio_blk will crash the system on virtually mapped stacks, which is something happening during boot with many distros.

...the host, I will get the full harddisk/SSD info. Can I know how to resolve this so that the output is the same for both host and guest? My strace of hdparm from within the guest (just "-e ioctl" is traced): ioctl(3, HDIO_GET_MULTCOUNT, 0x618ef0) = -1 EINVAL (Invalid argument) ioctl(3, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[16]=[85, 08, 0e, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 40, ec, 00], mx_sb_len=32, iovec_count=0, dxfer_len=512, timeout=15000, flags=0, data[512]=["@\0\377?7\310\20\0\0\0\0\0?\0\0\0\0\0\0\0HPAD0409105B"...], status=00, masked_status=00, sb[0]=[], ho...

...artd also barks on me. The tw_cli simply doesn't see the controller, no errors logged anywhere. When starting smartd, it is much more verbose. I'm getting a bunch of messages like this: Oct 9 22:15:15 toporko kernel: program smartd is using a deprecated SCSI ioctl, please convert it to SG_IO Oct 9 22:15:15 toporko kernel: 3w-xxxx: SCSI_IOCTL_SEND_COMMAND deprecated, please update your 3ware tools. Oct 9 22:15:15 toporko last message repeated 5 times Oct 9 22:15:15 toporko smartd[29238]: Device: /dev/sda [3ware_disk_00], not found in smartd database. Oct 9 22:15:15 toporko smartd[29...

Is anyone working on SCSI passthrough using the ''SCSI Generic'' support under Linux, eg /dev/sgX? This is how VMWare allows a VM to use SCSI devices. Thanks James _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

On Thu, Dec 12, 2019 at 01:28:08AM +0100, Paolo Bonzini wrote: > I think it's because the only ioctl for virtio-blk is SG_IO. It makes > sense to lump it in with scsi, but I wouldn't mind getting rid of > CONFIG_VIRTIO_BLK_SCSI altogether. CONFIG_VIRTIO_BLK_SCSI has been broken for about two years, as it never set the QUEUE_FLAG_SCSI_PASSTHROUGH flag after that was introduced. I actually have a patch that I...

We have CENTOS 5.4 X86_64 on DELL server. This server havs been run 5 months no special message. Recently I found /var/log/messages file have following message pop-up: Jan 5 15:14:19 ORA1 kernel: program nmhs is using a deprecated SCSI ioctl, please convert it to SG_IO Jan 5 15:14:19 ORA1 last message repeated 29 times Does anyone know what it mean? ___________________________________________________ ??????? ? ???????????????? http://messenger.yahoo.com.tw/

Il 27/08/2013 12:29, Masaki Kimura ha scritto: > I believe following patches, which are not merged yet, are trying to solve > this problem in a different approach. > - [PATCH v3 part2] Add per-device sysfs knob to enable unrestricted, > unprivileged SG_IO > https://lkml.org/lkml/2013/5/23/294 > - [RFC PATCH 0/4] SG_IO filtering via sysfs and minimal whitelist > https://lkml.org/lkml/2013/5/27/230 > > > Any comments on this? Yes, that's correct. Paolo

Il 22/08/2013 09:46, Timon Wang ha scritto: > Thanks Nicholas. > > I found that scsicmd can't pass all the scsi3_test but the result of > sg_inq is the same as it in the host. > > I am absolutely confused about this situation. Am I missed some > information about it? I am also confused. You need to understand the limitations that the clustering software is putting.

...thing like this for megasas a few years > back using specialized QEMU emulation + eventfd based LIO fabric driver, > and got it working with Linux + MSFT guests. Are the patches already in qemu upstream and LIO upstream? I found you played it in 2010. Is it? [QEMU-KVM]: Megasas + TCM_Loop + SG_IO into Windows XP guests https://groups.google.com/forum/#!topic/linux-iscsi-target-dev/3hdaI6H3X0A > > Doing something similar for nvme would (potentially) be on par with > current virtio-scsi+vhost-scsi small-block performance for scsi-mq > guests, without the extra burden of a new com...

...thing like this for megasas a few years > back using specialized QEMU emulation + eventfd based LIO fabric driver, > and got it working with Linux + MSFT guests. Are the patches already in qemu upstream and LIO upstream? I found you played it in 2010. Is it? [QEMU-KVM]: Megasas + TCM_Loop + SG_IO into Windows XP guests https://groups.google.com/forum/#!topic/linux-iscsi-target-dev/3hdaI6H3X0A > > Doing something similar for nvme would (potentially) be on par with > current virtio-scsi+vhost-scsi small-block performance for scsi-mq > guests, without the extra burden of a new com...

I was able to get the source code for ocfs2 and compile it. This worked and created the necessary .ko files Now I have to figure out why gnu parted 1.6.15 has bugs. when I try a partprobe on a partitioned firewire maxtor drive mount -t ocfs2 /dev/sdb1 /u01/oradata/orcl It says no such device.... Any ideas anyone?... Regards, Mandar Vengurlekar ----- Original Message ----- From: Mandar P