lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <08f1e291-0196-2402-1947-c0cdaaf534da@suse.de>
Date:   Wed, 23 Oct 2019 16:13:15 +0200
From:   Hannes Reinecke <hare@...e.de>
To:     Michal Suchanek <msuchanek@...e.de>, linux-scsi@...r.kernel.org
Cc:     Jonathan Corbet <corbet@....net>, Jens Axboe <axboe@...nel.dk>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "J. Bruce Fields" <bfields@...hat.com>,
        Benjamin Coddington <bcodding@...hat.com>,
        Hannes Reinecke <hare@...e.com>,
        Omar Sandoval <osandov@...com>, Ming Lei <ming.lei@...hat.com>,
        Damien Le Moal <damien.lemoal@....com>,
        Bart Van Assche <bvanassche@....org>,
        Tejun Heo <tj@...nel.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 7/8] scsi: sr: workaround VMware ESXi cdrom emulation
 bug

On 10/23/19 2:52 PM, Michal Suchanek wrote:
> The WMware ESXi cdrom identifies itself as:
> sr 0:0:0:0: [sr0] scsi3-mmc drive: vendor: "NECVMWarVMware SATA CD001.00"
> model: "VMware SATA CD001.00"
> with the following get_capabilities print in sr.c:
>         sr_printk(KERN_INFO, cd,
>                   "scsi3-mmc drive: vendor: \"%s\" model: \"%s\"\n",
>                   cd->device->vendor, cd->device->model);
> 
> So the model looks like reliable identification while vendor does not.
> 
> The drive claims to have a tray and claims to be able to close it.
> However, the UI has no notion of a tray - when medium is ejected it is
> dropped in the floor and the user must select a medium again before the
> drive can be re-loaded.  On the kernel side the tray_move call to close
> the tray succeeds but the drive state does not change as a result of the
> call.
> 
> The drive does not in fact emulate the tray state. There are two ways to
> get the medium state. One is the SCSI status:
> 
> Physical drive:
> 
> Fixed format, current; Sense key: Not Ready
> Additional sense: Medium not present - tray open
> Raw sense data (in hex):
>         70 00 02 00 00 00 00 0a  00 00 00 00 3a 02 00 00
>         00 00
> 
> Fixed format, current; Sense key: Not Ready
> Additional sense: Medium not present - tray closed
>  Raw sense data (in hex):
>         70 00 02 00 00 00 00 0a  00 00 00 00 3a 01 00 00
>         00 00
> 
> VMware ESXi:
> 
> Fixed format, current; Sense key: Not Ready
> Additional sense: Medium not present
>   Info fld=0x0 [0]
>  Raw sense data (in hex):
>         f0 00 02 00 00 00 00 0a  00 00 00 00 3a 00 00 00
>         00 00
> 
> So the tray state is not reported here. Other is medium status which the
> kernel prefers if available. Adding a print here gives:
> 
> cdrom: get_media_event success: code = 0, door_open = 1, medium_present = 0
> 
> door_open is interpreted as open tray. This is fine so long as tray_move
> would close the tray when requested or report an error which never
> happens on VMware ESXi servers (5.5 and 6.5 tested).
> 
> This is a popular virtualization platform so a workaround is worthwhile.
> 
> Signed-off-by: Michal Suchanek <msuchanek@...e.de>
> ---
>  drivers/scsi/sr.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
> index 4664fdf75c0f..8090c5bdec09 100644
> --- a/drivers/scsi/sr.c
> +++ b/drivers/scsi/sr.c
> @@ -867,6 +867,7 @@ static void get_capabilities(struct scsi_cd *cd)
>  	unsigned int ms_len = 128;
>  	int rc, n;
>  
> +	static const char *model_vmware = "VMware";
>  	static const char *loadmech[] =
>  	{
>  		"caddy",
> @@ -922,6 +923,11 @@ static void get_capabilities(struct scsi_cd *cd)
>  		  buffer[n + 4] & 0x20 ? "xa/form2 " : "",	/* can read xa/from2 */
>  		  buffer[n + 5] & 0x01 ? "cdda " : "", /* can read audio data */
>  		  loadmech[buffer[n + 6] >> 5]);
> +	if (!strncmp(cd->device->model, model_vmware, strlen(model_vmware))) {
> +		buffer[n + 6] &= ~(0xff << 5);
> +		sr_printk(KERN_INFO, cd,
> +			  "VMware ESXi bug workaround: tray -> caddy\n");
> +	}
>  	if ((buffer[n + 6] >> 5) == 0)
>  		/* caddy drives can't close tray... */
>  		cd->cdi.mask |= CDC_CLOSE_TRAY;
> 
This looks something which should be handled via a blacklist flag, not
some inline hack which everyone forgets about it...

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		      Teamlead Storage & Networking
hare@...e.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 247165 (AG München), GF: Felix Imendörffer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ