lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Oct 2019 07:46:57 +0200
From:   Hannes Reinecke <hare@...e.de>
To:     Michal Suchánek <msuchanek@...e.de>
Cc:     linux-scsi@...r.kernel.org, Jonathan Corbet <corbet@....net>,
        Jens Axboe <axboe@...nel.dk>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "J. Bruce Fields" <bfields@...hat.com>,
        Benjamin Coddington <bcodding@...hat.com>,
        Hannes Reinecke <hare@...e.com>,
        Omar Sandoval <osandov@...com>, Ming Lei <ming.lei@...hat.com>,
        Damien Le Moal <damien.lemoal@....com>,
        Bart Van Assche <bvanassche@....org>,
        Tejun Heo <tj@...nel.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 7/8] scsi: sr: workaround VMware ESXi cdrom emulation
 bug

On 10/23/19 6:23 PM, Michal Suchánek wrote:
> On Wed, Oct 23, 2019 at 04:13:15PM +0200, Hannes Reinecke wrote:
>> On 10/23/19 2:52 PM, Michal Suchanek wrote:
>>> The WMware ESXi cdrom identifies itself as:
>>> sr 0:0:0:0: [sr0] scsi3-mmc drive: vendor: "NECVMWarVMware SATA CD001.00"
>>> model: "VMware SATA CD001.00"
>>> with the following get_capabilities print in sr.c:
>>>         sr_printk(KERN_INFO, cd,
>>>                   "scsi3-mmc drive: vendor: \"%s\" model: \"%s\"\n",
>>>                   cd->device->vendor, cd->device->model);
>>>
>>> So the model looks like reliable identification while vendor does not.
>>>
>>> The drive claims to have a tray and claims to be able to close it.
>>> However, the UI has no notion of a tray - when medium is ejected it is
>>> dropped in the floor and the user must select a medium again before the
>>> drive can be re-loaded.  On the kernel side the tray_move call to close
>>> the tray succeeds but the drive state does not change as a result of the
>>> call.
>>>
>>> The drive does not in fact emulate the tray state. There are two ways to
>>> get the medium state. One is the SCSI status:
>>>
>>> Physical drive:
>>>
>>> Fixed format, current; Sense key: Not Ready
>>> Additional sense: Medium not present - tray open
>>> Raw sense data (in hex):
>>>         70 00 02 00 00 00 00 0a  00 00 00 00 3a 02 00 00
>>>         00 00
>>>
>>> Fixed format, current; Sense key: Not Ready
>>> Additional sense: Medium not present - tray closed
>>>  Raw sense data (in hex):
>>>         70 00 02 00 00 00 00 0a  00 00 00 00 3a 01 00 00
>>>         00 00
>>>
>>> VMware ESXi:
>>>
>>> Fixed format, current; Sense key: Not Ready
>>> Additional sense: Medium not present
>>>   Info fld=0x0 [0]
>>>  Raw sense data (in hex):
>>>         f0 00 02 00 00 00 00 0a  00 00 00 00 3a 00 00 00
>>>         00 00
>>>
>>> So the tray state is not reported here. Other is medium status which the
>>> kernel prefers if available. Adding a print here gives:
>>>
>>> cdrom: get_media_event success: code = 0, door_open = 1, medium_present = 0
>>>
>>> door_open is interpreted as open tray. This is fine so long as tray_move
>>> would close the tray when requested or report an error which never
>>> happens on VMware ESXi servers (5.5 and 6.5 tested).
>>>
>>> This is a popular virtualization platform so a workaround is worthwhile.
>>>
>>> Signed-off-by: Michal Suchanek <msuchanek@...e.de>
>>> ---
>>>  drivers/scsi/sr.c | 6 ++++++
>>>  1 file changed, 6 insertions(+)
>>>
>>> diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
>>> index 4664fdf75c0f..8090c5bdec09 100644
>>> --- a/drivers/scsi/sr.c
>>> +++ b/drivers/scsi/sr.c
>>> @@ -867,6 +867,7 @@ static void get_capabilities(struct scsi_cd *cd)
>>>  	unsigned int ms_len = 128;
>>>  	int rc, n;
>>>  
>>> +	static const char *model_vmware = "VMware";
>>>  	static const char *loadmech[] =
>>>  	{
>>>  		"caddy",
>>> @@ -922,6 +923,11 @@ static void get_capabilities(struct scsi_cd *cd)
>>>  		  buffer[n + 4] & 0x20 ? "xa/form2 " : "",	/* can read xa/from2 */
>>>  		  buffer[n + 5] & 0x01 ? "cdda " : "", /* can read audio data */
>>>  		  loadmech[buffer[n + 6] >> 5]);
>>> +	if (!strncmp(cd->device->model, model_vmware, strlen(model_vmware))) {
>>> +		buffer[n + 6] &= ~(0xff << 5);
>>> +		sr_printk(KERN_INFO, cd,
>>> +			  "VMware ESXi bug workaround: tray -> caddy\n");
>>> +	}
>>>  	if ((buffer[n + 6] >> 5) == 0)
>>>  		/* caddy drives can't close tray... */
>>>  		cd->cdi.mask |= CDC_CLOSE_TRAY;
>>>
>> This looks something which should be handled via a blacklist flag, not
>> some inline hack which everyone forgets about it...
> 
> AFAIK we used to have a blacklist but don't have anymore. So either it
> has to be resurrected for this one flag or an inline hack should be good
> enough.
> 
But we do have one for generic scsi; cf drivers/scsi/scsi_devinfo.c.
And this pretty much falls into the category of SCSI quirks, so I'd
prefer have it hooked into that.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		      Teamlead Storage & Networking
hare@...e.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 247165 (AG München), GF: Felix Imendörffer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ