Patch "[PATCH v2 for-4.9 31/40] block: allow WRITE_SAME commands with the SG_IO ioctl" has been added to the 4.9-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    [PATCH v2 for-4.9 31/40] block: allow WRITE_SAME commands with the SG_IO ioctl

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     block-allow-write_same-commands-with-the-sg_io-ioctl.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Mon Mar 20 11:41:01 CET 2017
From: alexander.levin@xxxxxxxxxxx
Date: Fri, 17 Mar 2017 00:48:30 +0000
Subject: [PATCH v2 for-4.9 31/40] block: allow WRITE_SAME commands with the SG_IO ioctl
To: "gregkh@xxxxxxxxxxxxxxxxxxx" <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: "stable@xxxxxxxxxxxxxxx" <stable@xxxxxxxxxxxxxxx>
Message-ID: <20170317004812.26960-31-alexander.levin@xxxxxxxxxxx>

From: Mauricio Faria de Oliveira <mauricfo@xxxxxxxxxxxxxxxxxx>

[ Upstream commit 25cdb64510644f3e854d502d69c73f21c6df88a9 ]

The WRITE_SAME commands are not present in the blk_default_cmd_filter
write_ok list, and thus are failed with -EPERM when the SG_IO ioctl()
is executed without CAP_SYS_RAWIO capability (e.g., unprivileged users).
[ sg_io() -> blk_fill_sghdr_rq() > blk_verify_command() -> -EPERM ]

The problem can be reproduced with the sg_write_same command

  # sg_write_same --num 1 --xferlen 512 /dev/sda
  #

  # capsh --drop=cap_sys_rawio -- -c \
    'sg_write_same --num 1 --xferlen 512 /dev/sda'
    Write same: pass through os error: Operation not permitted
  #

For comparison, the WRITE_VERIFY command does not observe this problem,
since it is in that list:

  # capsh --drop=cap_sys_rawio -- -c \
    'sg_write_verify --num 1 --ilen 512 --lba 0 /dev/sda'
  #

So, this patch adds the WRITE_SAME commands to the list, in order
for the SG_IO ioctl to finish successfully:

  # capsh --drop=cap_sys_rawio -- -c \
    'sg_write_same --num 1 --xferlen 512 /dev/sda'
  #

That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices
(qemu "-device scsi-block" [1], libvirt "<disk type='block' device='lun'>" [2]),
which employs the SG_IO ioctl() and runs as an unprivileged user (libvirt-qemu).

In that scenario, when a filesystem (e.g., ext4) performs its zero-out calls,
which are translated to write-same calls in the guest kernel, and then into
SG_IO ioctls to the host kernel, SCSI I/O errors may be observed in the guest:

  [...] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
  [...] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current]
  [...] sd 0:0:0:0: [sda] tag#0 Add. Sense: I/O process terminated
  [...] sd 0:0:0:0: [sda] tag#0 CDB: Write Same(10) 41 00 01 04 e0 78 00 00 08 00
  [...] blk_update_request: I/O error, dev sda, sector 17096824

Links:
[1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52
[2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device')

Signed-off-by: Mauricio Faria de Oliveira <mauricfo@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Brahadambal Srinivasan <latha@xxxxxxxxxxxxxxxxxx>
Reported-by: Manjunatha H R <manjuhr1@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Jens Axboe <axboe@xxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 block/scsi_ioctl.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -182,6 +182,9 @@ static void blk_set_cmd_filter_defaults(
 	__set_bit(WRITE_16, filter->write_ok);
 	__set_bit(WRITE_LONG, filter->write_ok);
 	__set_bit(WRITE_LONG_2, filter->write_ok);
+	__set_bit(WRITE_SAME, filter->write_ok);
+	__set_bit(WRITE_SAME_16, filter->write_ok);
+	__set_bit(WRITE_SAME_32, filter->write_ok);
 	__set_bit(ERASE, filter->write_ok);
 	__set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
 	__set_bit(MODE_SELECT, filter->write_ok);


Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are

queue-4.9/pci-add-comments-about-rom-bar-updating.patch
queue-4.9/acpi-blacklist-make-dell-latitude-3350-ethernet-work.patch
queue-4.9/s390-zcrypt-introduce-cex6-toleration.patch
queue-4.9/dccp-tcp-fix-routing-redirect-race.patch
queue-4.9/vrf-fix-use-after-free-in-vrf_xmit.patch
queue-4.9/tcp-fix-various-issues-for-sockets-morphing-to-listen-state.patch
queue-4.9/block-allow-write_same-commands-with-the-sg_io-ioctl.patch
queue-4.9/strparser-destroy-workqueue-on-module-exit.patch
queue-4.9/powerpc-mm-fix-build-break-when-cma-n-spapr_tce_iommu-y.patch
queue-4.9/vfio-spapr-postpone-default-window-creation.patch
queue-4.9/vfio-spapr-add-a-helper-to-create-default-dma-window.patch
queue-4.9/pci-do-any-vf-bar-updates-before-enabling-the-bars.patch
queue-4.9/usb-gadget-udc-atmel-remove-memory-leak.patch
queue-4.9/x86-hyperv-handle-unknown-nmis-on-one-cpu-when-unknown_nmi_panic.patch
queue-4.9/net-tunnel-set-inner-protocol-in-network-gro-hooks.patch
queue-4.9/serial-8250_pci-detach-low-level-driver-during-pci-error-recovery.patch
queue-4.9/powerpc-iommu-stop-using-current-in-mm_iommu_xxx.patch
queue-4.9/tun-fix-premature-pollout-notification-on-tun-devices.patch
queue-4.9/vxlan-correctly-validate-vxlan-id-against-vxlan_n_vid.patch
queue-4.9/bpf-fix-regression-on-verifier-pruning-wrt-map-lookups.patch
queue-4.9/tcp-dccp-block-bh-for-syn-processing.patch
queue-4.9/net-sched-act_skbmod-remove-unneeded-rcu_read_unlock-in-tcf_skbmod_dump.patch
queue-4.9/dccp-fix-memory-leak-during-tear-down-of-unsuccessful-connection-request.patch
queue-4.9/xen-do-not-re-use-pirq-number-cached-in-pci-device-msi-msg-data.patch
queue-4.9/vxlan-lock-rcu-on-tx-path.patch
queue-4.9/mlxsw-spectrum_router-avoid-potential-packets-loss.patch
queue-4.9/mpls-do-not-decrement-alive-counter-for-unregister-events.patch
queue-4.9/net-phy-avoid-deadlock-during-phy_error.patch
queue-4.9/uapi-fix-linux-packet_diag.h-userspace-compilation-error.patch
queue-4.9/pci-separate-vf-bar-updates-from-standard-bar-updates.patch
queue-4.9/pci-ignore-bar-updates-on-virtual-functions.patch
queue-4.9/geneve-lock-rcu-on-tx-path.patch
queue-4.9/dccp-fix-use-after-free-in-dccp_feat_activate_values.patch
queue-4.9/l2tp-avoid-use-after-free-caused-by-l2tp_ip_backlog_recv.patch
queue-4.9/powerpc-mm-iommu-vfio-spapr-put-pages-on-vfio-container-shutdown.patch
queue-4.9/bpf-fix-state-equivalence.patch
queue-4.9/scsi-ibmvscsis-clean-up-properly-if-target_submit_cmd-tmr-fails.patch
queue-4.9/drm-nouveau-disp-gp102-fix-cursor-overlay-immediate-channel-indices.patch
queue-4.9/pci-update-bars-using-property-bits-appropriate-for-type.patch
queue-4.9/scsi-ibmvscsis-synchronize-cmds-at-remove-time.patch
queue-4.9/vfio-spapr-postpone-allocation-of-userspace-version-of-tce-table.patch
queue-4.9/ibmveth-calculate-gso_segs-for-large-packets.patch
queue-4.9/net-mlx5e-do-not-reduce-lro-wqe-size-when-not-using-build_skb.patch
queue-4.9/net-sched-actions-decrement-module-reference-count-after-table-flush.patch
queue-4.9/pci-don-t-update-vf-bars-while-vf-memory-space-is-enabled.patch
queue-4.9/ipv4-mask-tos-for-input-route.patch
queue-4.9/net-fix-socket-refcounting-in-skb_complete_tx_timestamp.patch
queue-4.9/net-bridge-allow-ipv6-when-multicast-flood-is-disabled.patch
queue-4.9/net-mlx5e-fix-wrong-cqe-decompression.patch
queue-4.9/net-net_enable_timestamp-can-be-called-from-irq-contexts.patch
queue-4.9/igb-workaround-for-igb-i210-firmware-issue.patch
queue-4.9/drivers-hv-ring_buffer-count-on-wrap-around-mappings-in-get_next_pkt_raw-v2.patch
queue-4.9/drm-nouveau-disp-nv50-specify-ctrl-user-separately-when-constructing-classes.patch
queue-4.9/ipv6-make-ecmp-route-replacement-less-greedy.patch
queue-4.9/ipv6-avoid-write-to-a-possibly-cloned-skb.patch
queue-4.9/pci-remove-pci_resource_bar-and-pci_iov_resource_bar.patch
queue-4.9/mpls-send-route-delete-notifications-when-router-module-is-unloaded.patch
queue-4.9/dmaengine-iota-ioat_alloc_chan_resources-should-not-perform-sleeping-allocations.patch
queue-4.9/scsi-ibmvscsis-return-correct-partition-name-to-client.patch
queue-4.9/vti6-return-gre_key-for-vti6.patch
queue-4.9/vfio-spapr-reference-mm-in-tce_container.patch
queue-4.9/scsi-ibmvscsis-rearrange-functions-for-future-patches.patch
queue-4.9/dccp-unlock-sock-before-calling-sk_free.patch
queue-4.9/bpf-fix-mark_reg_unknown_value-for-spilled-regs-on-map-value-marking.patch
queue-4.9/powerpc-iommu-pass-mm_struct-to-init-cleanup-helpers.patch
queue-4.9/slub-move-synchronize_sched-out-of-slab_mutex-on-shrink.patch
queue-4.9/net-mlx5e-register-unregister-vport-representors-on-interface-attach-detach.patch
queue-4.9/pci-decouple-ioresource_rom_enable-and-pci_rom_address_enable.patch
queue-4.9/net-don-t-call-strlen-on-the-user-buffer-in-packet_bind_spkt.patch
queue-4.9/bpf-detect-identical-ptr_to_map_value_or_null-registers.patch
queue-4.9/scsi-ibmvscsis-issues-from-dan-carpenter-smatch.patch
queue-4.9/vxlan-don-t-allow-overwrite-of-config-src-addr.patch
queue-4.9/acpi-blacklist-add-_rev-quirks-for-dell-precision-5520-and-3520.patch
queue-4.9/bridge-drop-netfilter-fake-rtable-unconditionally.patch
queue-4.9/igb-add-i211-to-i210-phy-workaround.patch
queue-4.9/drm-nouveau-disp-nv50-split-chid-into-chid.ctrl-and-chid.user.patch
queue-4.9/net-fix-socket-refcounting-in-skb_complete_wifi_ack.patch
queue-4.9/scsi-ibmvscsis-synchronize-cmds-at-tpg_enable_store-time.patch
queue-4.9/ipv6-orphan-skbs-in-reassembly-unit.patch
queue-4.9/act_connmark-avoid-crashing-on-malformed-nlattrs-with-null-parms.patch
queue-4.9/uvcvideo-uvc_scan_fallback-for-webcams-with-broken-chain.patch
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]