On Tue, 17 Jun 2008 17:45:24 -0400 Peter Jones <pjones@xxxxxxxxxx> wrote: > FUJITA Tomonori wrote: > > > Well, this changes sg behaviour since sg's allow_ops filter has a > > access permission different from blk_verify_command filter's. > > > > I guess that the first thing you need to do is that figuring out a > > proper access permission for each command, which sg maintainer, etc > > can agree. It's pretty hard and that's the reason why this patch has > > not been merged for years, I think. > > I don't think this logic is sound. > > The patch makes it so distros (and individuals, if they're so inclined) > can configure the filter correctly for whatever hardware is present, > regardless of the kernel's ideas of which commands are correct. It > leaves intact the defaults from the current list used by SG_IO and bsg > (and maybe some other interfaces?), which most programs have been using > for quite some time. I know that. I've tried to merge this patch in the past. > If anything, sg is overdue with converting to using the same command > filter as other direct-scsi-command mechanisms. sg_allow_access() is > really not something we should be keeping. > > I don't think this is a reason not to merge the patch; in fact, quite > the opposite. This is another case where we've got a specific filter in > one code path that doesn't match any of the others. Fixing it is > something that needs to be done. Making it configurable from the > userland at the same time effectively aleviates the pain that could > result from doing so. Even if you can configure the access permissions from the userland, the kernel needs to configure the default access permissions. Seemed it's hard for everyone to agree on what are proper default permissions (I can't recall when this topic was discussed, at LSF'07 or somewhere). Well, filtering SCSI commands is not a good idea, so removing the filtering mechanism would be a better option but... -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html