Sumant Patro wrote: > Hello Christoph, > > Thank you for the patch. > > As you mentioned this patch allows scsi generic access to the > physical disks. I see this as potential data integrity issue if someone > does a write operation on a disk that belongs to a Logical RAID volume. > I would rather prevent all access to the disks using slave_alloc(). I > will be sending a patch shortly for review that implements > megasas_slave_alloc to block all direct access to the physical disks. Sumant, Typically a non-root user would not have write (or read) permissions on a sg device node. A root user (or perhaps a user with CAP_SYS_RAWIO) could send a SCSI WRITE command to a physical disk, but that is no different from the current situation. IMO The main reason to allow access to the physical "logical" units is for tools like smartmontools and access for commands like LOG SENSE and MODE SENSE (and perhaps the SELECT variants of those commands used carefully). Add INQUIRY to that list ... With FC and SAS dual ported disks one could also think about taking a persistent reservation on one I_T nexus (e.g. the active port) and only allow access to the physical disk via the secondary port. That way the finer graded command filtering of PERSISTENT RESERVATION could be used to guard the integrity of the disk. Doug Gilbert - : send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
