From: Paolo Bonzini <pbonzini@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: tj@kernel.org, pmatouse@redhat.com,
"James E.J. Bottomley" <JBottomley@parallels.com>,
linux-scsi@kernel.org, Jens Axboe <axboe@kernel.dk>
Subject: [PATCH 09/13] sg_io: whitelist a few more commands for disks
Date: Thu, 24 Jan 2013 16:00:45 +0100 [thread overview]
Message-ID: <1359039649-17734-10-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1359039649-17734-1-git-send-email-pbonzini@redhat.com>
This adds missing commands to the table from SBC and related standards.
Only commands that affect the medium are added. Commands that affect
other state of the LUN are all privileged, with the sole exception of START
STOP UNIT (which has always been allowed for all file descriptors. I do not
really agree with that and it's probably an artifact of when /dev/cdrom had
r--r--r-- permissions, but I'm not trying to change that.
Cc: "James E.J. Bottomley" <JBottomley@parallels.com>
Cc: linux-scsi@kernel.org
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
block/scsi_ioctl.c | 23 +++++++++++++++++++++--
1 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 49cd98a..74f3678 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -166,25 +166,44 @@ static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
sgio_bitmap_set(0x08, D|T| W| O , read); // READ(6)
sgio_bitmap_set(0x25, D| W|R|O| B|K , read); // READ CAPACITY(10)
sgio_bitmap_set(0x28, D| W|R|O| B|K , read); // READ(10)
+ sgio_bitmap_set(0x29, D| W|R|O , read); // READ GENERATION
+ sgio_bitmap_set(0x2D, O , read); // READ UPDATED BLOCK
sgio_bitmap_set(0x2F, D| W|R|O , read); // VERIFY(10)
+ sgio_bitmap_set(0x34, D| W| O| K , read); // PRE-FETCH(10)
sgio_bitmap_set(0x37, D| O , read); // READ DEFECT DATA(10)
sgio_bitmap_set(0x3E, D| W| O , read); // READ LONG(10)
sgio_bitmap_set(0x88, D|T| W| O| B , read); // READ(16)
sgio_bitmap_set(0x8F, D|T| W| O| B , read); // VERIFY(16)
+ sgio_bitmap_set(0x90, D| W| O| B , read); // PRE-FETCH(16)
sgio_bitmap_set(0xA8, D| W|R|O , read); // READ(12)
+ sgio_bitmap_set(0xAF, D| W| O , read); // VERIFY(12)
+ sgio_bitmap_set(0xB7, D| O , read); // READ DEFECT DATA(12)
/* write */
sgio_bitmap_set(0x04, D| R|O , write); // FORMAT UNIT
+ sgio_bitmap_set(0x07, D| W| O , write); // REASSIGN BLOCKS
sgio_bitmap_set(0x0A, D|T| W| O , write); // WRITE(6)
sgio_bitmap_set(0x2A, D| W|R|O| B|K , write); // WRITE(10)
+ sgio_bitmap_set(0x2C, D| R|O , write); // ERASE(10)
sgio_bitmap_set(0x2E, D| W|R|O| B|K , write); // WRITE AND VERIFY(10)
sgio_bitmap_set(0x35, D| W|R|O| B|K , write); // SYNCHRONIZE CACHE(10)
+ sgio_bitmap_set(0x38, W| O| K , write); // MEDIUM SCAN
+ sgio_bitmap_set(0x3D, O , write); // UPDATE BLOCK
sgio_bitmap_set(0x3F, D| W| O , write); // WRITE LONG(10)
+ sgio_bitmap_set(0x41, D , write); // WRITE SAME(10)
sgio_bitmap_set(0x42, D , write); // UNMAP
sgio_bitmap_set(0x48, D| B , write); // SANITIZE
sgio_bitmap_set(0x51, D , write); // XPWRITE(10)
+ sgio_bitmap_set(0x53, D , write); // XDWRITEREAD(10)
+ sgio_bitmap_set(0x85, D| B , write); // ATA PASS-THROUGH(16)
+ sgio_bitmap_set(0x89, D , write); // COMPARE AND WRITE
+ sgio_bitmap_set(0x8B, D , write); // ORWRITE
sgio_bitmap_set(0x8A, D|T| W| O| B , write); // WRITE(16)
+ sgio_bitmap_set(0x8E, D| W| O| B , write); // WRITE AND VERIFY(16)
+ sgio_bitmap_set(0x91, D| W| O| B , write); // SYNCHRONIZE CACHE(16)
+ sgio_bitmap_set(0x93, D , write); // WRITE SAME(16)
+ sgio_bitmap_set(0xA1, D| B , write); // ATA PASS-THROUGH(12)
sgio_bitmap_set(0xAA, D| W|R|O , write); // WRITE(12)
sgio_bitmap_set(0xAC, O , write); // ERASE(12)
sgio_bitmap_set(0xAE, D| W| O , write); // WRITE AND VERIFY(12)
@@ -241,12 +260,12 @@ static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
sgio_bitmap_set(0xBD, R , read); // MECHANISM STATUS
sgio_bitmap_set(0xBE, R , read); // READ CD
- sgio_bitmap_set(0x53, D| R , write); // RESERVE TRACK / XDWRITEREAD(10)
+ sgio_bitmap_set(0x53, R , write); // RESERVE TRACK
sgio_bitmap_set(0x54, R , write); // SEND OPC INFORMATION
sgio_bitmap_set(0x58, R , write); // REPAIR TRACK
sgio_bitmap_set(0x5B, R , write); // CLOSE TRACK/SESSION
sgio_bitmap_set(0x5D, R , write); // SEND CUE SHEET
- sgio_bitmap_set(0xA1, D| R| B , write); // BLANK / ATA PASS-THROUGH(12)
+ sgio_bitmap_set(0xA1, R , write); // BLANK
sgio_bitmap_set(0xA2, R , write); // SEND EVENT
sgio_bitmap_set(0xA3, R , write); // SEND KEY
sgio_bitmap_set(0xA6, R , write); // LOAD/UNLOAD C/DVD
--
1.7.1
next prev parent reply other threads:[~2013-01-24 15:01 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-24 15:00 [PATCH 00/13] Corrections and customization of the SG_IO command whitelist (CVE-2012-4542) Paolo Bonzini
2013-01-24 15:00 ` [PATCH 01/13] sg_io: pass request_queue to blk_verify_command Paolo Bonzini
2013-01-24 22:34 ` Tejun Heo
2013-01-24 15:00 ` [PATCH 02/13] sg_io: reorganize list of allowed commands Paolo Bonzini
2013-01-24 22:42 ` Tejun Heo
2013-01-24 22:49 ` Tejun Heo
2013-01-24 22:58 ` Tejun Heo
2013-01-25 10:01 ` Paolo Bonzini
2013-01-25 17:13 ` Tejun Heo
2013-01-25 17:26 ` Paolo Bonzini
2013-01-24 15:00 ` [PATCH 03/13] sg_io: use different default filters for each device class Paolo Bonzini
2013-01-24 15:00 ` [PATCH 04/13] sg_io: resolve conflicts between commands assigned to multiple classes (CVE-2012-4542) Paolo Bonzini
2013-01-24 15:00 ` [PATCH 05/13] sg_io: whitelist a few more commands for rare & obsolete device types Paolo Bonzini
2013-01-24 15:00 ` [PATCH 06/13] sg_io: whitelist a few more commands for multimedia devices Paolo Bonzini
2013-01-24 22:55 ` Tejun Heo
2013-01-25 9:26 ` Paolo Bonzini
2013-01-25 17:04 ` Tejun Heo
2013-01-25 17:16 ` Paolo Bonzini
2013-01-25 17:28 ` Tejun Heo
2013-01-25 17:57 ` Paolo Bonzini
2013-01-25 18:13 ` Tejun Heo
2013-01-25 18:47 ` Paolo Bonzini
2013-01-25 19:01 ` Tejun Heo
2013-01-25 22:32 ` Paolo Bonzini
2013-01-25 22:41 ` Tejun Heo
2013-01-25 23:32 ` Paolo Bonzini
2013-01-25 23:47 ` Tejun Heo
2013-01-26 10:18 ` Paolo Bonzini
2013-01-24 15:00 ` [PATCH 07/13] sg_io: whitelist a few more commands for media changers Paolo Bonzini
2013-01-24 15:00 ` [PATCH 08/13] sg_io: whitelist a few more commands for tapes Paolo Bonzini
2013-01-24 15:00 ` Paolo Bonzini [this message]
2013-01-24 15:00 ` [PATCH 10/13] sg_io: whitelist a few obsolete commands Paolo Bonzini
2013-01-24 15:00 ` [PATCH 11/13] sg_io: add list of commands that were in the consulted list but are disabled Paolo Bonzini
2013-01-24 15:00 ` [PATCH 12/13] sg_io: remove remnants of sysfs SG_IO filters Paolo Bonzini
2013-01-24 15:00 ` [PATCH 13/13] sg_io: introduce unpriv_sgio queue flag Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1359039649-17734-10-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=JBottomley@parallels.com \
--cc=axboe@kernel.dk \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@kernel.org \
--cc=pmatouse@redhat.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).