lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 24 Oct 2019 10:56:31 +0200
From:   Michal Suchánek <msuchanek@...e.de>
To:     Hannes Reinecke <hare@...e.de>
Cc:     linux-scsi@...r.kernel.org, Jonathan Corbet <corbet@....net>,
        Jens Axboe <axboe@...nel.dk>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Mauro Carvalho Chehab <mchehab+samsung@...nel.org>,
        Eric Biggers <ebiggers@...gle.com>,
        "J. Bruce Fields" <bfields@...hat.com>,
        Benjamin Coddington <bcodding@...hat.com>,
        Hannes Reinecke <hare@...e.com>,
        Omar Sandoval <osandov@...com>, Ming Lei <ming.lei@...hat.com>,
        Damien Le Moal <damien.lemoal@....com>,
        Bart Van Assche <bvanassche@....org>,
        Tejun Heo <tj@...nel.org>, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 7/8] scsi: sr: workaround VMware ESXi cdrom emulation
 bug

On Thu, Oct 24, 2019 at 07:46:57AM +0200, Hannes Reinecke wrote:
> On 10/23/19 6:23 PM, Michal Suchánek wrote:
> > On Wed, Oct 23, 2019 at 04:13:15PM +0200, Hannes Reinecke wrote:
> >> On 10/23/19 2:52 PM, Michal Suchanek wrote:
> >>> The WMware ESXi cdrom identifies itself as:
> >>> sr 0:0:0:0: [sr0] scsi3-mmc drive: vendor: "NECVMWarVMware SATA CD001.00"
> >>> model: "VMware SATA CD001.00"
> >>> with the following get_capabilities print in sr.c:
> >>>         sr_printk(KERN_INFO, cd,
> >>>                   "scsi3-mmc drive: vendor: \"%s\" model: \"%s\"\n",
> >>>                   cd->device->vendor, cd->device->model);
> >>>
> >>> So the model looks like reliable identification while vendor does not.
> >>>
> >>> The drive claims to have a tray and claims to be able to close it.
> >>> However, the UI has no notion of a tray - when medium is ejected it is
> >>> dropped in the floor and the user must select a medium again before the
> >>> drive can be re-loaded.  On the kernel side the tray_move call to close
> >>> the tray succeeds but the drive state does not change as a result of the
> >>> call.
> >>>
> >>> The drive does not in fact emulate the tray state. There are two ways to
> >>> get the medium state. One is the SCSI status:
> >>>
> >>> Physical drive:
> >>>
> >>> Fixed format, current; Sense key: Not Ready
> >>> Additional sense: Medium not present - tray open
> >>> Raw sense data (in hex):
> >>>         70 00 02 00 00 00 00 0a  00 00 00 00 3a 02 00 00
> >>>         00 00
> >>>
> >>> Fixed format, current; Sense key: Not Ready
> >>> Additional sense: Medium not present - tray closed
> >>>  Raw sense data (in hex):
> >>>         70 00 02 00 00 00 00 0a  00 00 00 00 3a 01 00 00
> >>>         00 00
> >>>
> >>> VMware ESXi:
> >>>
> >>> Fixed format, current; Sense key: Not Ready
> >>> Additional sense: Medium not present
> >>>   Info fld=0x0 [0]
> >>>  Raw sense data (in hex):
> >>>         f0 00 02 00 00 00 00 0a  00 00 00 00 3a 00 00 00
> >>>         00 00
> >>>
> >>> So the tray state is not reported here. Other is medium status which the
> >>> kernel prefers if available. Adding a print here gives:
> >>>
> >>> cdrom: get_media_event success: code = 0, door_open = 1, medium_present = 0
> >>>
> >>> door_open is interpreted as open tray. This is fine so long as tray_move
> >>> would close the tray when requested or report an error which never
> >>> happens on VMware ESXi servers (5.5 and 6.5 tested).
> >>>
> >>> This is a popular virtualization platform so a workaround is worthwhile.
> >>>
> >>> Signed-off-by: Michal Suchanek <msuchanek@...e.de>
> >>> ---
> >>>  drivers/scsi/sr.c | 6 ++++++
> >>>  1 file changed, 6 insertions(+)
> >>>
> >>> diff --git a/drivers/scsi/sr.c b/drivers/scsi/sr.c
> >>> index 4664fdf75c0f..8090c5bdec09 100644
> >>> --- a/drivers/scsi/sr.c
> >>> +++ b/drivers/scsi/sr.c
> >>> @@ -867,6 +867,7 @@ static void get_capabilities(struct scsi_cd *cd)
> >>>  	unsigned int ms_len = 128;
> >>>  	int rc, n;
> >>>  
> >>> +	static const char *model_vmware = "VMware";
> >>>  	static const char *loadmech[] =
> >>>  	{
> >>>  		"caddy",
> >>> @@ -922,6 +923,11 @@ static void get_capabilities(struct scsi_cd *cd)
> >>>  		  buffer[n + 4] & 0x20 ? "xa/form2 " : "",	/* can read xa/from2 */
> >>>  		  buffer[n + 5] & 0x01 ? "cdda " : "", /* can read audio data */
> >>>  		  loadmech[buffer[n + 6] >> 5]);
> >>> +	if (!strncmp(cd->device->model, model_vmware, strlen(model_vmware))) {
> >>> +		buffer[n + 6] &= ~(0xff << 5);
> >>> +		sr_printk(KERN_INFO, cd,
> >>> +			  "VMware ESXi bug workaround: tray -> caddy\n");
> >>> +	}
> >>>  	if ((buffer[n + 6] >> 5) == 0)
> >>>  		/* caddy drives can't close tray... */
> >>>  		cd->cdi.mask |= CDC_CLOSE_TRAY;
> >>>
> >> This looks something which should be handled via a blacklist flag, not
> >> some inline hack which everyone forgets about it...
> > 
> > AFAIK we used to have a blacklist but don't have anymore. So either it
> > has to be resurrected for this one flag or an inline hack should be good
> > enough.
> > 
> But we do have one for generic scsi; cf drivers/scsi/scsi_devinfo.c.
> And this pretty much falls into the category of SCSI quirks, so I'd
> prefer have it hooked into that.

But generic scsi does not know about cdrom trays, does it?

Thanks

Michal

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ