• Mauricio Faria de Oliveira's avatar
    block: allow WRITE_SAME commands with the SG_IO ioctl · 25cdb645
    Mauricio Faria de Oliveira authored
    The WRITE_SAME commands are not present in the blk_default_cmd_filter
    write_ok list, and thus are failed with -EPERM when the SG_IO ioctl()
    is executed without CAP_SYS_RAWIO capability (e.g., unprivileged users).
    [ sg_io() -> blk_fill_sghdr_rq() > blk_verify_command() -> -EPERM ]
    
    The problem can be reproduced with the sg_write_same command
    
      # sg_write_same --num 1 --xferlen 512 /dev/sda
      #
    
      # capsh --drop=cap_sys_rawio -- -c \
        'sg_write_same --num 1 --xferlen 512 /dev/sda'
        Write same: pass through os error: Operation not permitted
      #
    
    For comparison, the WRITE_VERIFY command does not observe this problem,
    since it is in that list:
    
      # capsh --drop=cap_sys_rawio -- -c \
        'sg_write_verify --num 1 --ilen 512 --lba 0 /dev/sda'
      #
    
    So, this patch adds the WRITE_SAME commands to the list, in order
    for the SG_IO ioctl to finish successfully:
    
      # capsh --drop=cap_sys_rawio -- -c \
        'sg_write_same --num 1 --xferlen 512 /dev/sda'
      #
    
    That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices
    (qemu "-device scsi-block" [1], libvirt "<disk type='block' device='lun'>" [2]),
    which employs the SG_IO ioctl() and runs as an unprivileged user (libvirt-qemu).
    
    In that scenario, when a filesystem (e.g., ext4) performs its zero-out calls,
    which are translated to write-same calls in the guest kernel, and then into
    SG_IO ioctls to the host kernel, SCSI I/O errors may be observed in the guest:
    
      [...] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
      [...] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current]
      [...] sd 0:0:0:0: [sda] tag#0 Add. Sense: I/O process terminated
      [...] sd 0:0:0:0: [sda] tag#0 CDB: Write Same(10) 41 00 01 04 e0 78 00 00 08 00
      [...] blk_update_request: I/O error, dev sda, sector 17096824
    
    Links:
    [1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52
    [2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device')
    Signed-off-by: default avatarMauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
    Signed-off-by: default avatarBrahadambal Srinivasan <latha@linux.vnet.ibm.com>
    Reported-by: default avatarManjunatha H R <manjuhr1@in.ibm.com>
    Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
    Signed-off-by: default avatarJens Axboe <axboe@fb.com>
    25cdb645
scsi_ioctl.c 19.5 KB