Cameron, Steve wrote: >> Steve, >> Even though the SCSI status is CHECK CONDITION, the data-in >> buffer may still be transferred. One obvious example >> is a READ command when the sense key is RECOVERED ERROR. > > Yep, of course. > >> The sg driver and I suspect the block layer SG_IO do >> not check the SCSI status to determine whether or not >> to transfer the data-in buffer (or where it would have >> been DMA-ed to if the command worked) back to user space. >> If it was _direct_ IO then the block layer SG_IO and the >> sg driver would have no control over the data-in transfer >> (apart from setting it up). >> >> Both the sg driver and the block layer SG_IO could check >> the resid field which a LLD should set after a DMA >> (especially inbound). However LLDs are not compelled to >> set resid properly. >> >> So a few questions: >> - block layer SG_IO, the sg driver or both? > > sg driver. > >> - indirect IO (i.e. O_DIRECT not set)? > > indirect IO, O_DIRECT was not set. > >> - did the offending process have superuser permissions? > Yes. > >> - did the resid field indicate a short data-in transfer? > > resid == 64, the requested buffer was 1088 bytes. > (If I interpret that right, it means that all but 64 > bytes were transferred, that is, 1024 bytes were > transferred? Odd, considering the CDB was nonsense.) Steve, >From memory, between SPC-2 and SPC-3 the INQUIRY allocation length field went from 8 bits to 16 bits. If you do the above calculation modulo 256 it comes out correct :-) The moral here is don't set INQUIRY lengths > 252 unless the target can handle it. There is no point anyway for a "standard" INQUIRY (EVPD=0, CmdDt is obsolete). With VPD pages you can do a double fetch, the first one 4 bytes long to pick up "page length" field. But then again you said the cdb was nonsense. Now it is still a bit fuzzy because there is the allocation length field in some cdbs and the dxfer_len given to sg_io_hdr. I would think that the LLD should concentrate on the latter and set resid accordingly. That makes me wonder about the LLD involved (the sg driver just passes resid through). >> As long as the SCSI status and sense buffer are conveyed >> back properly _and_ this is only observed when the >> process has superuser permissions, then I wouldn't >> regard it as serious. Others may disagree. > > I haven't tried it as non-superuser. (And couldn't, > unless I chmod'ed /dev/sg* ) The sg driver zeros out the scatter gather elements for non-superusers. chmod'ing is not always needed, for example a non-superuser may well have permissions on a USB cd/dvd drive (including the sg device node) in some distributions. Doug Gilbert - To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
