Message ID | 4D366DF1.3000303@teksavvy.com |
---|---|
State | Not Applicable |
Delegated to: | David Miller |
Headers | show |
On Tue, Jan 18, 2011 at 11:52:01PM -0500, Mark Lord wrote: > I was sorting through drives here today, and found one that > was "security locked" (had a user passwd set on it), > and for which I did not know the password. > > So I hotplugged it to my SiI-3132 card, with the intent > of simply erasing the drive (thereby clearing the passwd) > using hdparm. > > Except.. the kernel (?) sat there for a very long time trying > (and failing) over and over and over and over and over and over > to read sector-0 (the partition table). Of course the reads > each failed, and then got retried 5-times by SCSI, and then > retried again a zillion times at a higher level. I think SCSI and libata are behaving okay here. The root cause is how the partition code handles IO errors. Different partition table type probes do IOs separately. It's somewhat reasonable given that they may poke at different sectors which sometimes could be near the end of the device failure of which might not necessarily mean the whole device is inaccessible, but anyways the end result is that the each partition table type pokes the drive regardless of how the previous attempt went. And yeah we probably need some improvements there. Thanks.
> Except.. the kernel (?) sat there for a very long time trying > (and failing) over and over and over and over and over and over > to read sector-0 (the partition table). Of course the reads > each failed, and then got retried 5-times by SCSI, and then > retried again a zillion times at a higher level. It gets prodded by the various partition formats, the userspace hotplug code and so on, not always for block 0. > Why so many attempts to read the partition table??? Each partitioning format does its own requests. Normally that is fine but in this case its bad news. > Anyway, here's the hack I used: Presumably we should set a per device flag of 'security locked' and fail normal I/O to it but allow the other paths ? The 'proper' way would then be to use the key rings and also a kernel event to poke userspace into handling it. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
--- a/drivers/ata/libata-scsi.c 2010-12-09 20:39:24.401410310 -0500 +++ b/drivers/ata/libata-scsi.c 2011-01-18 20:04:06.017446657 -0500 @@ -1819,7 +1819,15 @@ if (xlat_func(qc)) goto early_finish; - + /* don't flog a dead horse, err.. drive, if it is security-locked */ + if (cmd->cmnd[0] != ATA_12 && cmd->cmnd[0] != ATA_16) { + if (dev->id[128] & (1<<2)) { /* locked? */ + printk(KERN_INFO "%s: blocking SCSI op 0x%02x ATA op 0x%02x\n", __func__, cmd->cmnd[0], qc->tf.command); + ata_scsi_set_sense(cmd, ILLEGAL_REQUEST, 0x21, 0x0); + goto early_finish; + } + } + if (ap->ops->qc_defer) { if ((rc = ap->ops->qc_defer(qc)))