lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Oct 2019 17:44:54 -0400
From:   "Ewan D. Milne" <emilne@...hat.com>
To:     Michal Suchánek <msuchanek@...e.de>,
        Hannes Reinecke <hare@...e.de>
Cc:     linux-scsi@...r.kernel.org, Jonathan Corbet <corbet@....net>,
        Jens Axboe <axboe@...nel.dk>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "J. Bruce Fields" <bfields@...hat.com>,
        Benjamin Coddington <bcodding@...hat.com>,
        Hannes Reinecke <hare@...e.com>,
        Omar Sandoval <osandov@...com>, Ming Lei <ming.lei@...hat.com>,
        Damien Le Moal <damien.lemoal@....com>,
        Bart Van Assche <bvanassche@....org>,
        Tejun Heo <tj@...nel.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 7/8] scsi: sr: workaround VMware ESXi cdrom emulation
 bug

On Wed, 2019-10-23 at 18:23 +0200, Michal Suchánek wrote:
> On Wed, Oct 23, 2019 at 04:13:15PM +0200, Hannes Reinecke wrote:
> > On 10/23/19 2:52 PM, Michal Suchanek wrote:
> > > The WMware ESXi cdrom identifies itself as:
> > > sr 0:0:0:0: [sr0] scsi3-mmc drive: vendor: "NECVMWarVMware SATA CD001.00"
> > > model: "VMware SATA CD001.00"
> > > with the following get_capabilities print in sr.c:
> > >         sr_printk(KERN_INFO, cd,
> > >                   "scsi3-mmc drive: vendor: \"%s\" model: \"%s\"\n",
> > >                   cd->device->vendor, cd->device->model);
> > > 
> > > So the model looks like reliable identification while vendor does not.
> > > 
> > > The drive claims to have a tray and claims to be able to close it.
> > > However, the UI has no notion of a tray - when medium is ejected it is
> > > dropped in the floor and the user must select a medium again before the
> > > drive can be re-loaded.  On the kernel side the tray_move call to close
> > > the tray succeeds but the drive state does not change as a result of the
> > > call.
> > > 
> > > The drive does not in fact emulate the tray state. There are two ways to
> > > get the medium state. One is the SCSI status:
> > > 
> > > Physical drive:
> > > 
> > > Fixed format, current; Sense key: Not Ready
> > > Additional sense: Medium not present - tray open
> > > Raw sense data (in hex):
> > >         70 00 02 00 00 00 00 0a  00 00 00 00 3a 02 00 00
> > >         00 00
> > > 
> > > Fixed format, current; Sense key: Not Ready
> > > Additional sense: Medium not present - tray closed
> > >  Raw sense data (in hex):
> > >         70 00 02 00 00 00 00 0a  00 00 00 00 3a 01 00 00
> > >         00 00
> > > 
> > > VMware ESXi:
> > > 
> > > Fixed format, current; Sense key: Not Ready
> > > Additional sense: Medium not present
> > >   Info fld=0x0 [0]
> > >  Raw sense data (in hex):
> > >         f0 00 02 00 00 00 00 0a  00 00 00 00 3a 00 00 00
> > >         00 00
> > > 
> > > So the tray state is not reported here. Other is medium status which the
> > > kernel prefers if available. Adding a print here gives:
> > > 
> > > cdrom: get_media_event success: code = 0, door_open = 1, medium_present = 0
> > > 
> > > door_open is interpreted as open tray. This is fine so long as tray_move
> > > would close the tray when requested or report an error which never
> > > happens on VMware ESXi servers (5.5 and 6.5 tested).
> > > 
> > > This is a popular virtualization platform so a workaround is worthwhile.
> > > 
> > > Signed-off-by: Michal Suchanek <msuchanek@...e.de>
> > > ---
> > >  drivers/scsi/sr.c | 6 ++++++
> > >  1 file changed, 6 insertions(+)
> > > 
> > > diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
> > > index 4664fdf75c0f..8090c5bdec09 100644
> > > --- a/drivers/scsi/sr.c
> > > +++ b/drivers/scsi/sr.c
> > > @@ -867,6 +867,7 @@ static void get_capabilities(struct scsi_cd *cd)
> > >  	unsigned int ms_len = 128;
> > >  	int rc, n;
> > >  
> > > +	static const char *model_vmware = "VMware";
> > >  	static const char *loadmech[] =
> > >  	{
> > >  		"caddy",
> > > @@ -922,6 +923,11 @@ static void get_capabilities(struct scsi_cd *cd)
> > >  		  buffer[n + 4] & 0x20 ? "xa/form2 " : "",	/* can read xa/from2 */
> > >  		  buffer[n + 5] & 0x01 ? "cdda " : "", /* can read audio data */
> > >  		  loadmech[buffer[n + 6] >> 5]);
> > > +	if (!strncmp(cd->device->model, model_vmware, strlen(model_vmware))) {
> > > +		buffer[n + 6] &= ~(0xff << 5);
> > > +		sr_printk(KERN_INFO, cd,
> > > +			  "VMware ESXi bug workaround: tray -> caddy\n");
> > > +	}
> > >  	if ((buffer[n + 6] >> 5) == 0)
> > >  		/* caddy drives can't close tray... */
> > >  		cd->cdi.mask |= CDC_CLOSE_TRAY;
> > > 
> > 
> > This looks something which should be handled via a blacklist flag, not
> > some inline hack which everyone forgets about it...
> 
> AFAIK we used to have a blacklist but don't have anymore. So either it
> has to be resurrected for this one flag or an inline hack should be good
> enough.
> 

I agree with Hannes.  We should have a blacklist flag for this.
Putting inline code in the sr driver that special cases on a particular
device model string is not clean.  The "VMware ESXi bug workaround" message
is not particularly descriptive either.

-Ewan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ