James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote on
2015/08/04 09:32:17:
> On Tue, 2015-08-04 at 09:11 +0800, jiang.biao2@xxxxxxxxxx wrote:
> > scsi_ioctl: support persistent reserve commands through ioctl for
> > non-root user.
> >
> > Scsi persistent reserve commands need to be used for non-root user in
> > many scenarios.
> > EPERM error will be returned by sg_io() when PERSISTENT_RESERVE_OUT
> > or PERSISTENT_RESERVE_IN command is sent through ioctl() for
> > non-root user.
> > Add PERSISTENT_RESERVE_OUT and PERSISTENT_RESERVE_IN into
> > blk_default_cmd_filter in blk_set_cmd_filter_defaults() to support
> > persistent reserve commands for non-root user.
>
> I'm very dubious about this: a PR third party reservation can deny
> access to the local device ... effectively allowing any local user to
> cause I/O errors on all devices by issuing a bogus third party
> reservation. What's the reason for allowing non-root use in the first
> place?
>
Hi, Jams.
Our scenario is using persistent reservation in KVM guest cluster
when passing through the disk to the guests. The cluster
software(MSCS, for instance) need to use PR to synchronize the
cocurrent access to the shared disk. Because the KVM guest is
running in qemu context, it could not be root.
As to your concerns, should the the bogus reservation and illegal
access be limited by the other measures, for example, the mode of
the dev file? Similarly, the *Basic writing commands(WRITE_*)* are
also dangerous for non-root, but they must be used be by non-root
user, so they are controlled by file mode and other security
measures, and not limited it the first place.
Thanks a lot.
��.n��������+%�������w��{.n�����{������ܨ}���Ơz�j:+v�����w����ޙ��&�)ߡ�a����z�ޗ���ݢj��w�f
