Subject: Re: kern/12999: /dev/rcd0a can be opened, but then ops get ENODEV
To: Ross Harvey <ross@ghs.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-bugs
Date: 11/17/2001 18:12:11

On Mon, May 21, 2001 at 01:22:11PM -0700, Ross Harvey wrote:
> 
> >Number:         12999
> >Category:       kern
> >Synopsis:       /dev/rcd0a can be opened, but then ops get ENODEV
> >Confidential:   no
> >Severity:       serious
> >Priority:       medium
> >Responsible:    kern-bug-people
> >State:          open
> >Class:          sw-bug
> >Submitter-Id:   net
> >Arrival-Date:   Mon May 21 13:21:00 PDT 2001
> >Closed-Date:
> >Last-Modified:
> >Originator:     Ross Harvey
> >Release:        all recent, including -current
> >Organization:
> 	
> >Environment:
> 	all, i think, i386 for sure
> System: NetBSD sigmet 1.5U NetBSD 1.5U (skb) #28: Thu Apr 26 19:28:16 PDT 2001 ross@sigmet:/usr/ross/skb i386
> Architecture: i386
> Machine: i386
> >Description:
> 	you can open /dev/rcd0a, for example, cdparanoia -g /dev/rcd0a ...,
> 	as it has a fake label, but then you can't do much with it because
> 	many ops are only supported on the RAW_PART, apparently so they will
> 	work with no media present.
> 
> 	but this makes the error completely nonsensical .. if it isn't going
> 	to support the ops:
> 		(1) it shouldn't fake up a label for that partition
> 		(2) it shouldn't allow you to open it
> >How-To-Repeat:
> 	# ktrace -i cdparanoia -g /dev/rcd0a -B 1-99
> 	# kdump
> 	watch it open the device successfully, but then
> 	fail to execute any ioctls, returning ENOTTY

I just started looking at this, sorry for the delay.
In fact cdparanoia is getting ENOTTY here because it is trying to send
SCSI commands to the device, and this is only allowed for the raw partition.
I'm not sure this is the kind of ops you want to allow for any opened
partition, as this allows one to do almost anything with the device, like
ejecting it even when it's still in use, or, for disks, reading sectors
outside of the partition or reformatting it.
You may want to allow arbitrary users to have read/write access to
a partition while not allowing them to send arbitrary SCSI commands to
the device. So in the general case we want to restrict scsipi_do_ioctl()
to the raw partition. I don't think we should special-case the CD device,
but I'm open to discussion.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
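
The access-control point in the reply above, as an added user-space model (not NetBSD kernel source and not part of the original message): partition-relative I/O can be bounds-checked against the label, while a pass-through command carries a caller-chosen absolute address, so it is gated on the raw partition. All `model_*` and `MODEL_*` names, the partition numbering and the label values are assumptions constructed for this sketch.

```c
#include <errno.h>

/* Model constants (assumptions for this sketch, not kernel headers). */
#define MODEL_MAXPARTITIONS 8
#define MODEL_RAW_PART      3                       /* whole-device partition, "d" here */
#define MODEL_PART(minor)   ((minor) % MODEL_MAXPARTITIONS)

struct model_part { unsigned long offset, size; };  /* in sectors */

/* Constructed label: "a" covers sectors 0..999, raw covers the whole 5000-sector device. */
static const struct model_part model_label[MODEL_MAXPARTITIONS] = {
    [0] = { 0, 1000 },
    [MODEL_RAW_PART] = { 0, 5000 },
};

/* Open succeeds on any partition the label describes. */
int model_open(unsigned minor)
{
    return model_label[MODEL_PART(minor)].size ? 0 : ENXIO;
}

/* Ordinary read: the block number is partition-relative, so it can be bounds-checked. */
int model_read(unsigned minor, unsigned long blk, unsigned long *lba)
{
    const struct model_part *p = &model_label[MODEL_PART(minor)];
    if (blk >= p->size)
        return EINVAL;
    *lba = p->offset + blk;
    return 0;
}

/* Pass-through: the caller picks an absolute LBA, so no partition bound applies.
 * The only place left to enforce scope is the partition the device was opened on. */
int model_scsi_passthru(unsigned minor, unsigned long abs_lba, unsigned long *lba)
{
    if (MODEL_PART(minor) != MODEL_RAW_PART)
        return ENOTTY;                              /* the error reported in the PR */
    if (abs_lba >= model_label[MODEL_RAW_PART].size)
        return EINVAL;
    *lba = abs_lba;
    return 0;
}
```

In this model a user granted access only to partition "a" can open it and read sectors 0..999, but cannot reach sector 4000 by either path; the same request through the raw partition succeeds.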