On Wed, Oct 31 2007, Jeff Garzik wrote: > Jens Axboe wrote: > >Right, that's of course problematic... There has to be a way to recover > >that situation though, or you can't export any user command issue > >facility. > > You cannot hope to handle all possible effects arising from an app > providing an invalid sg header / cdb. > > Once you start talking "recovery" you are already screwed: we are > talking about low-level hardware commands that are passed straight to > the hardware. It is trivial to lock up hardware, brick hardware, and > corrupt data at that level. > > > If this is NOT a privileged app, we must update the command validation > to ensure that invalid commands are not transported to the hardware. > > If this is a privileged app, our work is done. Fix the app. We gave > root rope, and he took it. Woaw, back the truck up a bit :-) I'm talking about simple things - like asking for 8 bytes of sense data. Simple mistakes. You cannot possibly check for everything like that in a command filter, it's utterly impossible. > I even venture to say that "accept anything, clean up afterwards" is > /impossible/ to implement, in addition to being dangerous. Certainly, that's not what I'm talking about. -- Jens Axboe - To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html