linux/drivers/scsi
Paolo Bonzini 0bfc96cb77 block: fail SCSI passthrough ioctls on partition devices
Linux allows executing the SG_IO ioctl on a partition or LVM volume, and
will pass the command to the underlying block device.  This is
well-known, but it is also a large security problem when (via Unix
permissions, ACLs, SELinux or a combination thereof) a program or user
needs to be granted access only to part of the disk.

This patch lets partitions forward a small set of harmless ioctls;
others are logged with printk so that we can see which ioctls are
actually sent.  In my tests only CDROM_GET_CAPABILITY actually occurred.
Of course it was being sent to a (partition on a) hard disk, so it would
have failed with ENOTTY and the patch isn't changing anything in
practice.  Still, I'm treating it specially to avoid spamming the logs.

In principle, this restriction should include programs running with
CAP_SYS_RAWIO.  If for example I let a program access /dev/sda2 and
/dev/sdb, it still should not be able to read/write outside the
boundaries of /dev/sda2 independent of the capabilities.  However, for
now programs with CAP_SYS_RAWIO will still be allowed to send the
ioctls.  Their actions will still be logged.

This patch does not affect the non-libata IDE driver.  That driver
however already tests for bd != bd->bd_contains before issuing some
ioctl; it could be restricted further to forbid these ioctls even for
programs running with CAP_SYS_ADMIN/CAP_SYS_RAWIO.

Cc: linux-scsi@vger.kernel.org
Cc: Jens Axboe <axboe@kernel.dk>
Cc: James Bottomley <JBottomley@parallels.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[ Make it also print the command name when warning - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-01-14 15:07:24 -08:00
..
aacraid drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb() 2012-01-08 14:15:21 -08:00
aic7xxx treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
aic7xxx_old Fix common misspellings 2011-03-31 11:26:23 -03:00
aic94xx Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-10-28 16:44:18 -07:00
arcmsr [SCSI] arcmsr: simplify assumptions in dma_alloc_coherent() 2011-05-01 16:32:23 -05:00
arm Fix common misspellings 2011-03-31 11:26:23 -03:00
be2iscsi SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
bfa SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
bnx2fc [SCSI] bnx2fc: Bumped version to 1.0.9 2011-10-30 14:05:52 +04:00
bnx2i switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
cxgbi Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2012-01-08 12:19:57 -08:00
device_handler [SCSI] scsi_dh: code cleanup and remove the references to scsi_dev_info 2011-12-15 10:55:00 +04:00
dpt atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
fcoe [SCSI] fcoe: fix fcoe in a DCB environment by adding DCB notifiers to set skb priority 2011-12-15 11:02:07 +04:00
fnic [SCSI] fnic: fix incorrect use of SLAB_CACHE_DMA flag 2011-06-29 16:05:41 -05:00
ibmvscsi [SCSI] ibmvfc: Fix Virtual I/O failover hang 2011-06-29 12:08:39 -05:00
isci [SCSI] isci: overriding max_concurr_spinup oem parameter by max(oem, user) 2011-10-31 13:23:18 +04:00
libfc Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
libsas scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
lpfc [SCSI] lpfc 8.3.28: Update driver version to 8.3.28 2011-12-15 10:57:45 +04:00
megaraid scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
mpt2sas [SCSI] mpt2sas: Removed redundant calling of _scsih_probe_devices() from _scsih_probe 2011-12-15 10:57:43 +04:00
mvsas [SCSI] mv_sas: OCZ RevoDrive3 & zDrive R4 support 2011-10-31 13:29:01 +04:00
osd scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
pcmcia module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pm8001 [SCSI] isci: export phy events via ->lldd_control_phy() 2011-10-02 13:24:26 -05:00
qla2xxx Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-01-08 13:21:22 -08:00
qla4xxx SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
sym53c8xx_2 Fix common misspellings 2011-03-31 11:26:23 -03:00
.gitignore
3w-9xxx.c [SCSI] 3w-9xxx: fix iommu_iova leak 2011-09-26 09:28:58 -05:00
3w-9xxx.h Fix common misspellings 2011-03-31 11:26:23 -03:00
3w-sas.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
3w-sas.h
3w-xxxx.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
3w-xxxx.h Fix common misspellings 2011-03-31 11:26:23 -03:00
53c700_d.h_shipped Fix common misspellings 2011-03-31 11:26:23 -03:00
53c700.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
53c700.h
53c700.scr Fix common misspellings 2011-03-31 11:26:23 -03:00
a100u2w.c Merge branch 'master' into for-next 2010-12-22 18:57:02 +01:00
a100u2w.h
a2091.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
a2091.h
a3000.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
a3000.h
a4000t.c
advansys.c Fix common misspellings 2011-03-31 11:26:23 -03:00
aha152x.c [SCSI] aha152x: add missing ISA PNP IDs 2011-06-29 15:09:11 -05:00
aha152x.h
aha1542.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
aha1542.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
aha1740.c Fix common misspellings 2011-03-31 11:26:23 -03:00
aha1740.h
aic7xxx_old.c Fix common misspellings 2011-03-31 11:26:23 -03:00
atari_NCR5380.c [SCSI] atari_NCR5380: Provide a dummy NCR5380_exit() 2011-06-29 15:11:21 -05:00
atari_scsi.c [SCSI] atari_NCR5380: Provide a dummy NCR5380_exit() 2011-06-29 15:11:21 -05:00
atari_scsi.h
atp870u.c Fix common misspellings 2011-03-31 11:26:23 -03:00
atp870u.h
BusLogic.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
BusLogic.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
bvme6000_scsi.c
ch.c Merge branch 'llseek' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl 2010-10-22 10:52:56 -07:00
constants.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
dc395x.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
dc395x.h Fix common misspellings 2011-03-31 11:26:23 -03:00
dmx3191d.c
dpt_i2o.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
dpti.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
dtc.c
dtc.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
eata_generic.h
eata_pio.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
eata_pio.h
eata.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
esp_scsi.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
esp_scsi.h
fd_mcs.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
fdomain.c Fix common misspellings 2011-03-31 11:26:23 -03:00
fdomain.h
FlashPoint.c Fix common misspellings 2011-03-31 11:26:23 -03:00
g_NCR5380_mmio.c
g_NCR5380.c Fix common misspellings 2011-03-31 11:26:23 -03:00
g_NCR5380.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
gdth_ioctl.h
gdth_proc.c [SCSI] gdth: Add missing call to gdth_ioctl_free 2010-12-31 09:50:09 -06:00
gdth_proc.h
gdth.c [SCSI] gdth: Add missing call to gdth_ioctl_free 2010-12-31 09:50:09 -06:00
gdth.h treewide: Fix comment and string typo 'bufer' 2011-12-06 09:53:40 +01:00
gvp11.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
gvp11.h
hosts.c [SCSI] Make scsi_free_queue() kill pending SCSI commands 2011-10-30 13:20:28 +04:00
hpsa_cmd.h [SCSI] hpsa: fix potential array overflow in hpsa_update_scsi_devices 2011-10-30 14:34:04 +04:00
hpsa.c [SCSI] hpsa: add the Smart Array 5i to the kdump blacklist 2011-12-15 10:57:30 +04:00
hpsa.h [SCSI] hpsa: detect controller lockup 2011-10-30 14:35:01 +04:00
hptiop.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
hptiop.h
ibmmca.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
imm.c Fix common misspellings 2011-03-31 11:26:23 -03:00
imm.h
in2000.c Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
in2000.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
initio.c Fix common misspellings 2011-03-31 11:26:23 -03:00
initio.h Fix common misspellings 2011-03-31 11:26:23 -03:00
ipr.c PCI: Rework config space blocking services 2012-01-06 12:10:33 -08:00
ipr.h PCI: Rework config space blocking services 2012-01-06 12:10:33 -08:00
ips.c treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
ips.h Fix common misspellings 2011-03-31 11:26:23 -03:00
iscsi_boot_sysfs.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
iscsi_tcp.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
iscsi_tcp.h [SCSI] iscsi_tcp: use iscsi_conn_get_addr_param libiscsi function 2011-02-24 12:41:10 -05:00
jazz_esp.c misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
Kconfig Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild 2011-11-06 18:54:53 -08:00
lasi700.c
libiscsi_tcp.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
libiscsi.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
libsrp.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
mac53c94.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
mac53c94.h
mac_esp.c m68k/mac: cleanup mac_irq_pending 2011-12-10 19:52:46 +01:00
mac_scsi.c [SCSI] mac_scsi: Remove obsolete IRQ_FLG_* users 2011-12-15 10:57:43 +04:00
mac_scsi.h
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-10-28 16:44:18 -07:00
megaraid.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
megaraid.h Fix common misspellings 2011-03-31 11:26:23 -03:00
mesh.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c [SCSI] mvumi: Add Marvell UMI driver 2011-08-27 08:36:58 -06:00
mvumi.h [SCSI] mvumi: Add Marvell UMI driver 2011-08-27 08:36:58 -06:00
ncr53c8xx.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
ncr53c8xx.h
NCR53c406a.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
NCR5380.c Fix common misspellings 2011-03-31 11:26:23 -03:00
NCR5380.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c treewide: fix a few typos in comments 2011-05-10 10:16:21 +02:00
nsp32_io.h
nsp32.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
nsp32.h Fix common misspellings 2011-03-31 11:26:23 -03:00
osst_detect.h
osst_options.h
osst.c [SCSI] osst: fix warning 2011-05-24 13:09:41 -04:00
osst.h Fix common misspellings 2011-03-31 11:26:23 -03:00
pas16.c
pas16.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
pmcraid.c SCSI, pmcraid: Fix spelling error in a pmcraid_err() call 2011-12-15 16:35:38 +01:00
pmcraid.h Remove unneeded version.h includes from drivers/scsi/ 2011-09-15 14:57:07 +02:00
ppa.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
ppa.h
ps3rom.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
qla1280.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
qla1280.h
qlogicfas408.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
qlogicfas408.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
qlogicfas.c
qlogicpti.c [SCSI] qlogicpti: fix timeout 2011-10-16 10:58:52 -05:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_debug.c Fix common misspellings 2011-03-31 11:26:23 -03:00
scsi_devinfo.c [SCSI] Blacklist Traxdata CDR4120 and IOMEGA Zip drive to avoid lock ups. 2011-06-29 15:08:47 -05:00
scsi_error.c [SCSI] add flag to skip the runtime PM calls on the host 2012-01-08 19:14:57 -05:00
scsi_ioctl.c
scsi_lib_dma.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_lib.c [SCSI] Silencing 'killing requests for dead queue' 2011-11-09 12:07:07 -06:00
scsi_logging.h
scsi_module.c
scsi_netlink.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_pm.c [SCSI] runtime resume parent for child's system-resume 2012-01-08 19:14:59 -05:00
scsi_priv.h [SCSI] scsi_dh: code cleanup and remove the references to scsi_dev_info 2011-12-15 10:55:00 +04:00
scsi_proc.c scsi: fix scsi_proc new kernel-doc warning 2011-05-28 23:12:11 -07:00
scsi_sas_internal.h
scsi_scan.c [SCSI] fix WARNING: at drivers/scsi/scsi_lib.c:1704 2011-11-09 12:05:23 -06:00
scsi_sysctl.c
scsi_sysfs.c [SCSI] scsi: Added support for adapter and firmware reset 2011-08-27 08:36:46 -06:00
scsi_tgt_if.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_tgt_lib.c [SCSI] esp, scsi_tgt_lib, fcoe: use list_move() instead of list_del()/list_add() combination 2011-05-01 10:20:10 -05:00
scsi_tgt_priv.h
scsi_trace.c [SCSI] scsi_trace: Decode UNMAP bit in WRITE SAME(10) 2011-05-24 12:38:36 -04:00
scsi_transport_api.h
scsi_transport_fc_internal.h
scsi_transport_fc.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-05-20 13:29:52 -07:00
scsi_transport_iscsi.c SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
scsi_transport_sas.c [SCSI] libsas: disable scanning lun > 0 on ata devices 2011-10-02 12:29:19 -05:00
scsi_transport_spi.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
scsi_transport_srp_internal.h
scsi_transport_srp.c
scsi_typedefs.h
scsi_wait_scan.c
scsi.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
scsi.h
scsicam.c fs: move code out of buffer.c 2012-01-03 22:54:07 -05:00
sd_dif.c block: Make the integrity mapped property a bio flag 2010-10-15 15:49:20 +02:00
sd.c block: fail SCSI passthrough ioctls on partition devices 2012-01-14 15:07:24 -08:00
sd.h [SCSI] sd: remove arbitrary SD_MAX_DISKS namespace limit 2011-10-30 12:58:11 +04:00
ses.c [SCSI] ses: requesting a fault indication 2011-06-29 12:14:25 -05:00
sg.c switch procfs to umode_t use 2012-01-03 22:54:56 -05:00
sgiwd93.c update David Miller's old email address 2011-04-06 06:19:38 -07:00
sim710.c
sni_53c710.c misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
sr_ioctl.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
sr_vendor.c
sr.c [SCSI] sr: check_events() ignore GET_EVENT when TUR says otherwise 2011-07-21 14:15:58 -07:00
sr.h [SCSI] sr: check_events() ignore GET_EVENT when TUR says otherwise 2011-07-21 14:15:58 -07:00
st_options.h
st.c [SCSI] st: fix race in st_scsi_execute_end 2011-10-30 13:27:28 +04:00
st.h
stex.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
sun3_NCR5380.c [SCSI] sun3: Remove commented out merge_contiguous_buffers 2011-06-29 15:15:05 -05:00
sun3_scsi_vme.c [SCSI] sun3: Add various missing NDEBUG* definitions 2011-06-29 15:14:54 -05:00
sun3_scsi.c [SCSI] sun3: Add various missing NDEBUG* definitions 2011-06-29 15:14:54 -05:00
sun3_scsi.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
sun3x_esp.c
sun_esp.c dt/sparc: Eliminate users of of_platform_{,un}register_driver 2011-02-28 01:36:39 -07:00
sym53c416.c Fix common misspellings 2011-03-31 11:26:23 -03:00
sym53c416.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
t128.c
t128.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
tmscsim.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
tmscsim.h
u14-34f.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
ultrastor.c [SCSI] Fix Ultrastor asm snippet 2011-05-24 13:25:35 -04:00
ultrastor.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
vmw_pvscsi.c treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
vmw_pvscsi.h
wd33c93.c Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
wd33c93.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
wd7000.c Fix common misspellings 2011-03-31 11:26:23 -03:00
zalon.c
zorro7xx.c