lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 23 Oct 2019 18:23:13 +0200
From:   Michal Suchánek <msuchanek@...e.de>
To:     Hannes Reinecke <hare@...e.de>
Cc:     linux-scsi@...r.kernel.org, Jonathan Corbet <corbet@....net>,
        Jens Axboe <axboe@...nel.dk>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "J. Bruce Fields" <bfields@...hat.com>,
        Benjamin Coddington <bcodding@...hat.com>,
        Hannes Reinecke <hare@...e.com>,
        Omar Sandoval <osandov@...com>, Ming Lei <ming.lei@...hat.com>,
        Damien Le Moal <damien.lemoal@....com>,
        Bart Van Assche <bvanassche@....org>,
        Tejun Heo <tj@...nel.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 7/8] scsi: sr: workaround VMware ESXi cdrom emulation
 bug

On Wed, Oct 23, 2019 at 04:13:15PM +0200, Hannes Reinecke wrote:
> On 10/23/19 2:52 PM, Michal Suchanek wrote:
> > The WMware ESXi cdrom identifies itself as:
> > sr 0:0:0:0: [sr0] scsi3-mmc drive: vendor: "NECVMWarVMware SATA CD001.00"
> > model: "VMware SATA CD001.00"
> > with the following get_capabilities print in sr.c:
> >         sr_printk(KERN_INFO, cd,
> >                   "scsi3-mmc drive: vendor: \"%s\" model: \"%s\"\n",
> >                   cd->device->vendor, cd->device->model);
> > 
> > So the model looks like reliable identification while vendor does not.
> > 
> > The drive claims to have a tray and claims to be able to close it.
> > However, the UI has no notion of a tray - when medium is ejected it is
> > dropped in the floor and the user must select a medium again before the
> > drive can be re-loaded.  On the kernel side the tray_move call to close
> > the tray succeeds but the drive state does not change as a result of the
> > call.
> > 
> > The drive does not in fact emulate the tray state. There are two ways to
> > get the medium state. One is the SCSI status:
> > 
> > Physical drive:
> > 
> > Fixed format, current; Sense key: Not Ready
> > Additional sense: Medium not present - tray open
> > Raw sense data (in hex):
> >         70 00 02 00 00 00 00 0a  00 00 00 00 3a 02 00 00
> >         00 00
> > 
> > Fixed format, current; Sense key: Not Ready
> > Additional sense: Medium not present - tray closed
> >  Raw sense data (in hex):
> >         70 00 02 00 00 00 00 0a  00 00 00 00 3a 01 00 00
> >         00 00
> > 
> > VMware ESXi:
> > 
> > Fixed format, current; Sense key: Not Ready
> > Additional sense: Medium not present
> >   Info fld=0x0 [0]
> >  Raw sense data (in hex):
> >         f0 00 02 00 00 00 00 0a  00 00 00 00 3a 00 00 00
> >         00 00
> > 
> > So the tray state is not reported here. Other is medium status which the
> > kernel prefers if available. Adding a print here gives:
> > 
> > cdrom: get_media_event success: code = 0, door_open = 1, medium_present = 0
> > 
> > door_open is interpreted as open tray. This is fine so long as tray_move
> > would close the tray when requested or report an error which never
> > happens on VMware ESXi servers (5.5 and 6.5 tested).
> > 
> > This is a popular virtualization platform so a workaround is worthwhile.
> > 
> > Signed-off-by: Michal Suchanek <msuchanek@...e.de>
> > ---
> >  drivers/scsi/sr.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
> > index 4664fdf75c0f..8090c5bdec09 100644
> > --- a/drivers/scsi/sr.c
> > +++ b/drivers/scsi/sr.c
> > @@ -867,6 +867,7 @@ static void get_capabilities(struct scsi_cd *cd)
> >  	unsigned int ms_len = 128;
> >  	int rc, n;
> >  
> > +	static const char *model_vmware = "VMware";
> >  	static const char *loadmech[] =
> >  	{
> >  		"caddy",
> > @@ -922,6 +923,11 @@ static void get_capabilities(struct scsi_cd *cd)
> >  		  buffer[n + 4] & 0x20 ? "xa/form2 " : "",	/* can read xa/from2 */
> >  		  buffer[n + 5] & 0x01 ? "cdda " : "", /* can read audio data */
> >  		  loadmech[buffer[n + 6] >> 5]);
> > +	if (!strncmp(cd->device->model, model_vmware, strlen(model_vmware))) {
> > +		buffer[n + 6] &= ~(0xff << 5);
> > +		sr_printk(KERN_INFO, cd,
> > +			  "VMware ESXi bug workaround: tray -> caddy\n");
> > +	}
> >  	if ((buffer[n + 6] >> 5) == 0)
> >  		/* caddy drives can't close tray... */
> >  		cd->cdi.mask |= CDC_CLOSE_TRAY;
> > 
> This looks something which should be handled via a blacklist flag, not
> some inline hack which everyone forgets about it...

AFAIK we used to have a blacklist but don't have anymore. So either it
has to be resurrected for this one flag or an inline hack should be good
enough.

Thanks

Michal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ