scsi_ioctl: support persistent reserve commands through ioctl for non-root user.

Commit Message

Jiang Biao Aug. 1, 2015, 9:51 a.m. UTC

scsi_ioctl: support persistent reserve commands through ioctl for
non-root user.

Scsi persistent reserve commands need to be used for non-root user in
many scenarios.
EPERM error will be returned by sg_io() when PERSISTENT_RESERVE_OUT
or PERSISTENT_RESERVE_IN command is sent through ioctl() for
non-root user.
Add PERSISTENT_RESERVE_OUT and PERSISTENT_RESERVE_IN into
blk_default_cmd_filter in blk_set_cmd_filter_defaults() to support 
persistent reserve commands for non-root user.

Signed-off-by: Jiang Biao <jiang.biao2@zte.com.cn>

Signed-off-by: Li Ping <li.ping288@zte.com.cn>

Reviewed-by: Liu Jianjun <liu.jianjun3@zte.com.cn>

Comments

Lee Duncan Sept. 3, 2015, 4:13 p.m. UTC | #1

On 08/01/2015 02:51 AM, jiang.biao2@zte.com.cn wrote:
> scsi_ioctl: support persistent reserve commands through ioctl for
> non-root user.
> 
> Scsi persistent reserve commands need to be used for non-root user in
> many scenarios.
> EPERM error will be returned by sg_io() when PERSISTENT_RESERVE_OUT
> or PERSISTENT_RESERVE_IN command is sent through ioctl() for
> non-root user.
> Add PERSISTENT_RESERVE_OUT and PERSISTENT_RESERVE_IN into
> blk_default_cmd_filter in blk_set_cmd_filter_defaults() to support 
> persistent reserve commands for non-root user.
> 
> Signed-off-by: Jiang Biao <jiang.biao2@zte.com.cn>
> Signed-off-by: Li Ping <li.ping288@zte.com.cn>
> Reviewed-by: Liu Jianjun <liu.jianjun3@zte.com.cn>
> 
> diff -urpN block/scsi_ioctl.c block_new/scsi_ioctl.c
> --- block/scsi_ioctl.c  2015-08-01 17:07:47.000000000 +0800
> +++ block_new/scsi_ioctl.c      2015-08-01 17:09:56.000000000 +0800
> @@ -202,6 +202,9 @@ static void blk_set_cmd_filter_defaults(
>         __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
>         __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
>         __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
> +       /* Persistent reserve command*/
> +       __set_bit(PERSISTENT_RESERVE_IN, filter->read_ok);
> +       __set_bit(PERSISTENT_RESERVE_OUT, filter->write_ok);
>  }
> 
>  int blk_verify_command(unsigned char *cmd, fmode_t has_write_perm)
> N?????r??y???b?X???v?^?)?{.n?+????{???"?{ay????,j??f???h???z??w??????j:+v???w?j?m????????zZ+??????j"??!tml=
> 

I disagree that it is a good idea to give non-root users permanent
access to the reservation commands. This can be used to coopt a disc,
including the root disc.

Patch

diff -urpN block/scsi_ioctl.c block_new/scsi_ioctl.c
--- block/scsi_ioctl.c  2015-08-01 17:07:47.000000000 +0800
+++ block_new/scsi_ioctl.c      2015-08-01 17:09:56.000000000 +0800
@@ -202,6 +202,9 @@  static void blk_set_cmd_filter_defaults(
        __set_bit(GPCMD_LOAD_UNLOAD, filter->write_ok);
        __set_bit(GPCMD_SET_STREAMING, filter->write_ok);
        __set_bit(GPCMD_SET_READ_AHEAD, filter->write_ok);
+       /* Persistent reserve command*/
+       __set_bit(PERSISTENT_RESERVE_IN, filter->read_ok);
+       __set_bit(PERSISTENT_RESERVE_OUT, filter->write_ok);
 }

 int blk_verify_command(unsigned char *cmd, fmode_t has_write_perm)