ACK: [PATCH Yakkety SRU] block: allow WRITE_SAME commands with the SG_IO ioctl

Wed Jan 4 15:20:40 UTC 2017

On 04/01/17 15:18, Tim Gardner wrote:
> From: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1651242
> 
> The WRITE_SAME commands are not present in the blk_default_cmd_filter
> write_ok list, and thus are failed with -EPERM when the SG_IO ioctl()
> is executed without CAP_SYS_RAWIO capability (e.g., unprivileged users).
> [ sg_io() -> blk_fill_sghdr_rq() > blk_verify_command() -> -EPERM ]
> 
> The problem can be reproduced with the sg_write_same command
> 
>   # sg_write_same --num 1 --xferlen 512 /dev/sda
>   #
> 
>   # capsh --drop=cap_sys_rawio -- -c \
>     'sg_write_same --num 1 --xferlen 512 /dev/sda'
>     Write same: pass through os error: Operation not permitted
>   #
> 
> For comparison, the WRITE_VERIFY command does not observe this problem,
> since it is in that list:
> 
>   # capsh --drop=cap_sys_rawio -- -c \
>     'sg_write_verify --num 1 --ilen 512 --lba 0 /dev/sda'
>   #
> 
> So, this patch adds the WRITE_SAME commands to the list, in order
> for the SG_IO ioctl to finish successfully:
> 
>   # capsh --drop=cap_sys_rawio -- -c \
>     'sg_write_same --num 1 --xferlen 512 /dev/sda'
>   #
> 
> That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices
> (qemu "-device scsi-block" [1], libvirt "<disk type='block' device='lun'>" [2]),
> which employs the SG_IO ioctl() and runs as an unprivileged user (libvirt-qemu).
> 
> In that scenario, when a filesystem (e.g., ext4) performs its zero-out calls,
> which are translated to write-same calls in the guest kernel, and then into
> SG_IO ioctls to the host kernel, SCSI I/O errors may be observed in the guest:
> 
>   [...] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
>   [...] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current]
>   [...] sd 0:0:0:0: [sda] tag#0 Add. Sense: I/O process terminated
>   [...] sd 0:0:0:0: [sda] tag#0 CDB: Write Same(10) 41 00 01 04 e0 78 00 00 08 00
>   [...] blk_update_request: I/O error, dev sda, sector 17096824
> 
> Links:
> [1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52
> [2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device')
> 
> Signed-off-by: Mauricio Faria de Oliveira <mauricfo at linux.vnet.ibm.com>
> Signed-off-by: Brahadambal Srinivasan <latha at linux.vnet.ibm.com>
> Reported-by: Manjunatha H R <manjuhr1 at in.ibm.com>
> Reviewed-by: Christoph Hellwig <hch at lst.de>
> Signed-off-by: Jens Axboe <axboe at fb.com>
> (cherry picked from commit 25cdb64510644f3e854d502d69c73f21c6df88a9)
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
>  block/scsi_ioctl.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
> index bb44ef7..738c70c 100644
> --- a/block/scsi_ioctl.c
> +++ b/block/scsi_ioctl.c
> @@ -185,6 +185,9 @@ static void blk_set_cmd_filter_defaults(struct blk_cmd_filter *filter)
>  	__set_bit(WRITE_16, filter->write_ok);
>  	__set_bit(WRITE_LONG, filter->write_ok);
>  	__set_bit(WRITE_LONG_2, filter->write_ok);
> +	__set_bit(WRITE_SAME, filter->write_ok);
> +	__set_bit(WRITE_SAME_16, filter->write_ok);
> +	__set_bit(WRITE_SAME_32, filter->write_ok);
>  	__set_bit(ERASE, filter->write_ok);
>  	__set_bit(GPCMD_MODE_SELECT_10, filter->write_ok);
>  	__set_bit(MODE_SELECT, filter->write_ok);
> 

Seems sane to me.

Acked-by: Colin Ian King <colin.king at canonical.com>