This is a note to let you know that I've just added the patch titled
block: allow WRITE_SAME commands with the SG_IO ioctl
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
block-allow-write_same-commands-with-the-sg_io-ioctl.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From foo@baz Tue Mar 28 13:59:27 CEST 2017
From: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Date: Sat, 25 Mar 2017 21:48:14 +0530
Subject: block: allow WRITE_SAME commands with the SG_IO ioctl
To: stable@xxxxxxxxxxxxxxx
Cc: Mauricio Faria de Oliveira <mauricfo@xxxxxxxxxxxxxxxxxx>, Brahadambal Srinivasan <latha@xxxxxxxxxxxxxxxxxx>, Jens Axboe <axboe@xxxxxx>, Sasha Levin <alexander.levin@xxxxxxxxxxx>, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>, Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Message-ID: <1490458699-24484-15-git-send-email-sumit.semwal@xxxxxxxxxx>
From: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
From: Mauricio Faria de Oliveira <mauricfo@xxxxxxxxxxxxxxxxxx>
[ Upstream commit 25cdb64510644f3e854d502d69c73f21c6df88a9 ]
The WRITE_SAME commands are not present in the blk_default_cmd_filter
write_ok list, and thus are failed with -EPERM when the SG_IO ioctl()
is executed without CAP_SYS_RAWIO capability (e.g., unprivileged users).
[ sg_io() -> blk_fill_sghdr_rq() > blk_verify_command() -> -EPERM ]
The problem can be reproduced with the sg_write_same command
# sg_write_same --num 1 --xferlen 512 /dev/sda
#
# capsh --drop=cap_sys_rawio -- -c \
'sg_write_same --num 1 --xferlen 512 /dev/sda'
Write same: pass through os error: Operation not permitted
#
For comparison, the WRITE_VERIFY command does not observe this problem,
since it is in that list:
# capsh --drop=cap_sys_rawio -- -c \
'sg_write_verify --num 1 --ilen 512 --lba 0 /dev/sda'
#
So, this patch adds the WRITE_SAME commands to the list, in order
for the SG_IO ioctl to finish successfully:
# capsh --drop=cap_sys_rawio -- -c \
'sg_write_same --num 1 --xferlen 512 /dev/sda'
#
That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices
(qemu "-device scsi-block" [1], libvirt "<disk type='block' device='lun'>" [2]),
which employs the SG_IO ioctl() and runs as an unprivileged user (libvirt-qemu).
In that scenario, when a filesystem (e.g., ext4) performs its zero-out calls,
which are translated to write-same calls in the guest kernel, and then into
SG_IO ioctls to the host kernel, SCSI I/O errors may be observed in the guest:
[...] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
[...] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current]
[...] sd 0:0:0:0: [sda] tag#0 Add. Sense: I/O process terminated
[...] sd 0:0:0:0: [sda] tag#0 CDB: Write Same(10) 41 00 01 04 e0 78 00 00 08 00
[...] blk_update_request: I/O error, dev sda, sector 17096824
Links:
[1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52
[2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device')
Signed-off-by: Mauricio Faria de Oliveira <mauricfo@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Brahadambal Srinivasan <latha@xxxxxxxxxxxxxxxxxx>
Reported-by: Manjunatha H R <manjuhr1@xxxxxxxxxx>
Reviewed-by: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Jens Axboe <axboe@xxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Sumit Semwal <sumit.semwal@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
block/scsi_ioctl.c | 3 +++
1 file changed, 3 insertions(+)
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -182,6 +182,9 @@ static void blk_set_cmd_filter_defaults(
__set_bit(WRITE_16, filter->write_ok);
__set_bit(WRITE_LONG, filter->write_ok);
__set_bit(WRITE_LONG_2, filter->write_ok);
+ __set_bit(WRITE_SAME, filter->write_ok);
+ __set_bit(WRITE_SAME_16, filter->write_ok);
+ __set_bit(WRITE_SAME_32, filter->write_ok);
__set_bit(ERASE, filter->write_ok);
__set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
__set_bit(MODE_SELECT, filter->write_ok);
Patches currently in stable-queue which might be from sumit.semwal@xxxxxxxxxx are
queue-4.4/pci-add-comments-about-rom-bar-updating.patch
queue-4.4/acpi-blacklist-make-dell-latitude-3350-ethernet-work.patch
queue-4.4/s390-zcrypt-introduce-cex6-toleration.patch
queue-4.4/block-allow-write_same-commands-with-the-sg_io-ioctl.patch
queue-4.4/pci-do-any-vf-bar-updates-before-enabling-the-bars.patch
queue-4.4/x86-hyperv-handle-unknown-nmis-on-one-cpu-when-unknown_nmi_panic.patch
queue-4.4/serial-8250_pci-detach-low-level-driver-during-pci-error-recovery.patch
queue-4.4/xen-do-not-re-use-pirq-number-cached-in-pci-device-msi-msg-data.patch
queue-4.4/pci-separate-vf-bar-updates-from-standard-bar-updates.patch
queue-4.4/pci-ignore-bar-updates-on-virtual-functions.patch
queue-4.4/pci-update-bars-using-property-bits-appropriate-for-type.patch
queue-4.4/vfio-spapr-postpone-allocation-of-userspace-version-of-tce-table.patch
queue-4.4/pci-don-t-update-vf-bars-while-vf-memory-space-is-enabled.patch
queue-4.4/igb-workaround-for-igb-i210-firmware-issue.patch
queue-4.4/pci-remove-pci_resource_bar-and-pci_iov_resource_bar.patch
queue-4.4/pci-decouple-ioresource_rom_enable-and-pci_rom_address_enable.patch
queue-4.4/acpi-blacklist-add-_rev-quirks-for-dell-precision-5520-and-3520.patch
queue-4.4/igb-add-i211-to-i210-phy-workaround.patch
queue-4.4/uvcvideo-uvc_scan_fallback-for-webcams-with-broken-chain.patch