View previous topic :: View next topic |
Author |
Message |
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Fri Nov 05, 2004 12:39 pm Post subject: Request for testing: CD/DVD writing on 2.6.9 |
|
|
Hi,
Now that I've got a cd writer again I've been trying to straighten out the CD burning situation in recent 2.6 kernels. To put it in context:
Sometime soon after 2.6.7, it was decided that allowing users to execute SCSI commands was a big security issue (even though they are usually connected through IDE/ATAPI, cd writers use SCSI commands for CD writing).
2.6.8 came out with a security fix, which was too restrictive and mostly broke cd writing. 2.6.9 improved upon this and has solved the problem (I think!).
The thing is, gentoo-dev-sources and ck-sources (probably others too) include a patch in the 2.6.8 and 2.6.9 releases, which completely bypasses the security fix. So these issues probably weren't visible anyway.
I removed the patch and tested writing on my new burner. It worked as expected, minus cdrdao not being able to read the buffer capacity. I wrote a kernel patch to allow it to be able to read that again,which got accepted into the 2.6.10 tree yesterday.
I've removed the bypass-security-fix from gentoo-dev-2.6.9-r3 and added my own patch to allow cdrdao to be happy again. What I'd appreciate now is testing from people who burn CDs or DVDs, so that we can be sure that the security fix isnt rejecting SCSI commands that are required.
Here's what you need to do:
1. Get the latest sources:
Code: | emerge =gentoo-dev-sources-2.6.9-r3 |
This has just gone into portage so you probably need to sync. Also its marked ~arch so will involve you going into the testing tree.
2. Apply a further debug patch which will tell us if SCSI commands are being rejected:
Code: |
cd /usr/src/linux-2.6.9-gentoo-r3
wget "http://www.reactivated.net/patches/linux-kernel/2.6.9/scsi_ioctl-debug-rejected-commands.patch"
patch -p1 -i scsi_ioctl-debug-rejected-commands.patch |
3. Compile, install, and reboot into your new kernel in the usual way.
4. Ensure that you have write access to your CD/DVD writer node. My CD writer is /dev/hdc and I can see that I need to be in the "disk" group to be able to write to it:
Code: | # ls -l /dev/hdc
brw-rw---- 1 root disk 22, 0 Nov 3 22:36 /dev/hdc |
5. Make sure your CD writing software is *not* setuid root.
Code: | chmod -s /usr/bin/cdrecord
chmod -s /usr/bin/cdrdao
# repeat for all other cd writing software you use |
6. Write a CD. Simulation will do. Do this as a user, *not* as root.
And make sure you use the dev=/dev/hdc notation for cdrecord. Using dev=ATAPI:0,0,0 style notation no longer works.
7. Run "dmesg". Towards the end of the output, you will probably see output such as:
Code: | verify_command: rejected command 1 |
Post all of those rejection messages here.
Please repeat this for other software you have available. I'm especially interested in getting this tested with k3b (I don't fancy compiling X, half of KDE, ..., on my server just to try this). Also testing from DVD writing software would be great, since I don't own a DVD writer.
Thanks! _________________ http://dev.gentoo.org/~dsd
Last edited by dsd on Sat Nov 27, 2004 8:50 pm; edited 2 times in total |
|
Back to top |
|
|
Codo Apprentice
Joined: 17 May 2004 Posts: 271
|
Posted: Fri Nov 05, 2004 12:45 pm Post subject: CDR Test |
|
|
dsd:
I can do some testing tonight. My CDR is USB though, connected to my laptop. I think the CDR itself is IDE/ATAPI over USB. Is it worth? If not, let me know pls.
Codo |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Fri Nov 05, 2004 12:50 pm Post subject: |
|
|
yes, that will be useful - thanks
i think USB cd writing goes over the same transport. It should be easy to see for certain, since it should definately reject command 1 a few times (still trying to find out exactly what this is) _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
Codo Apprentice
Joined: 17 May 2004 Posts: 271
|
Posted: Sat Nov 06, 2004 1:23 pm Post subject: |
|
|
Made some testing, and... nothing. there is no output on /var/log/messages...
I am using cdrecord with a GUI called cdbakeoven. The only thing is that cdrecord complains about not being able to do a mlockall and set RR-scheduler, but I think this has nothing to do with the SCSI transport...
Let me know if you need me to check anything. |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Sat Nov 06, 2004 1:49 pm Post subject: |
|
|
hm, in a way thats good news, perhaps rejecting command 1 is something specific to my setup.
even so, you could run a couple of checks to make sure you are running the right kernel:
running "uname -v" will tell you the date and time when the active kernel was compiled.
when you open /usr/src/linux-2.6.9-gentoo-r3/drivers/block/scsi_ioctl.c in a text editor, you should be able to do a search for "rejected" which will take you to a code block looking like the following:
Code: |
if (verify_command(file, cmd)) {
printk(KERN_ERR "verify_command: rejected command %x\n", cmd[0]);
return -EPERM;
}
|
as long as that is there, and you are definately booted into the right kernel, then we can say that everything is working just fine
thanks for the test _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
keyson l33t
Joined: 10 Jun 2003 Posts: 830 Location: Sweden
|
Posted: Sat Nov 06, 2004 1:50 pm Post subject: |
|
|
Hi
On my:
Quote: | hdc: LITE-ON DVDRW LDW-811S, ATAPI CD/DVD-ROM drive |
i get:
Quote: | verify_command: rejected command 1 |
when burning a cdr with k3b.
Quote: | verify_command: rejected command 1 |
when burning cdrw (k3b)
And
Quote: | verify_command: rejected command 1e |
when i burnt a dvd+rw (k3b)(Don't want to burn a dvd+r as it would
not simulate)
Program used by k3b:
cdrecord 2.1
dvd+rw-format 4.10
-Kjell |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Sat Nov 06, 2004 2:45 pm Post subject: |
|
|
thanks! command 1 seems to be obseleted so i wont worry about that, but 1e is PREVENT_ALLOW_MEDIUM_REMOVAL which basically allows the software to ask the drive not to allow the user to eject the disc, or to let them eject it again, etc. it doesn't conflict with any other commands and looks safe so i'll get it added to the kernel. _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
Codo Apprentice
Joined: 17 May 2004 Posts: 271
|
Posted: Sat Nov 06, 2004 3:38 pm Post subject: |
|
|
dsd:
I don't know if you're interested (I was going to do some tests...) but when I booted your kernel, burned, and then tried to reboot, my kernel crashed. As I went to the toilet while it was rebooting, I couldn't see what actually went wrong, but the callstack (if that was a callstack) indicated some problems in the SCSI modules/functions.
The door of my CDR was open when trying to reboot, maybe that was an issue. I managed to hang the computer as well unplugging my USB 2.0 PCMCIA adapter (my connection is PCMCIA --> USB --> CDR).
I have to go now, I'll do more tests later... |
|
Back to top |
|
|
Broot Tux's lil' helper
Joined: 20 Sep 2003 Posts: 122
|
Posted: Sat Nov 06, 2004 5:15 pm Post subject: |
|
|
Unfortunately, I tried burning a CD with cdrecord as a regular user (via xcdroast) and all it can give me is this:
Code: | cdrecord: Cannot allocate memory. Cannot get SCSI I/O buffer. |
Before doing chmod -s /usr/bin/cdrecord, it also had a statement at the end that said something like Using 'schily-0.8.'
Checking dmesg, all I get is a long string of rejected commands type "55" interspersed with some types "bb."
In any event, I'm very glad someone is addressing this issue, as I really did not want to downgrade my kernel so I could have functional CD writing. Thanks for the patch.
EDIT: Tried to burn the same files to CD using xcdroast in su mode. Both times I tried, OPC failed and the whole operation stopped within a few seconds. dmesg didn't show up with anything new. I uploaded the saved cdrecord.out file for reference.
Last edited by Broot on Sat Nov 06, 2004 9:17 pm; edited 1 time in total |
|
Back to top |
|
|
Broot Tux's lil' helper
Joined: 20 Sep 2003 Posts: 122
|
Posted: Sat Nov 06, 2004 9:14 pm Post subject: |
|
|
Update: I tried to burn the Ubuntu Linux 4.10 LiveCD ISO again using the Nautilus CD-writing plugin as a normal user. Everything seemed to go normally, although I could hear the CD drive speed up and slow down frantically during certain intervals, especially after fixating. As before (with 2.6.9-gentoo-r1 - refer to this thread for more info and ignore my second post), the CD is unreadable. :/ |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Sun Nov 07, 2004 12:30 am Post subject: |
|
|
dont write cd's as root. take all the suid bits off etc (please reread the instructions at the top). it should work just fine as normal user. but, if when you are doing this, rejection messages appear in dmesg, then i'd like to know.
55 and bb are already permitted by the kernel, but only if the software opens the devices in write mode - some software opens in RDONLY, which causes rejections like this. same issue exists for the 1e command mentioned already in this thread..its time to track down which software caused that request. i've already fixed cdmrw and cdrwtool here.
your cd recording issue sounds a little odd if you have definately followed the instructions in this thread. which other kernels have you tried? when did it last work? _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Sun Nov 07, 2004 12:45 am Post subject: |
|
|
keyson: as mentioned above, your rejected command 1e is not a kernel issue. it is most likely it came from dvd+rw-format, and i just checked their sources, they have already fixed this in the latest ~arch release. thanks for the testing! _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
mholtz Tux's lil' helper
Joined: 04 Feb 2004 Posts: 110 Location: Ohio, USA
|
Posted: Tue Nov 09, 2004 4:41 am Post subject: |
|
|
I got this when I tried to burn a CD with the steps outlined above:
Code: |
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
verify_command: rejected command 55
|
I should also note that the CD refused to burn this time around. This time cdrecord reports that Code: |
Cdrecord-Clone 2.01 (i686-pc-linux-gnu) Copyright (C) 1995-2004 J�rg Schilling
cdrecord: Warning: Running on Linux-2.6.9-gentoo-r3
cdrecord: There are unsettled issues with Linux-2.5 and newer.
cdrecord: If you have unexpected problems, please try Linux-2.4 or Solaris.
cdrecord: Warning: Linux-2.6.8 introduced incompatible interface changes.
cdrecord: Warning: SCSI transport does no longer work for suid root programs.
cdrecord: Warning: if cdrecord fails, try to run it from a root account.
TOC Type: 0 = CD-DA
cdrecord: Cannot allocate memory. WARNING: Cannot do mlockall(2).
cdrecord: WARNING: This causes a high risk for buffer underruns.
cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler
cdrecord: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord: WARNING: This causes a high risk for buffer underruns.
scsidev: 'ATAPI:0,0,0'
devname: 'ATAPI'
scsibus: 0 target: 0 lun: 0
Warning: Using ATA Packet interface.
Warning: The related Linux kernel interface code seems to be unmaintained.
Warning: There is absolutely NO DMA, operations thus are slow.
Using libscg version 'schily-0.8'.
SCSI buffer size: 64512
atapi: 1
Device type : Removable CD-ROM
Version : 0
Response Format: 2
Capabilities :
Vendor_info : 'LITE-ON '
Identifikation : 'COMBO LTC-48161H'
Revision : 'KH0P'
Device seems to be: Generic mmc2 DVD-ROM.
Current: 0x0009
Profile: 0x0010
Profile: 0x000A
Profile: 0x0009 (current)
Profile: 0x0008
Profile: 0x0002
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE FORCESPEED
Supported modes:
Drive buf size : 1422080 = 1388 KB
FIFO size : 4194304 = 4096 KB
cdrecord: Drive does not support TAO recording.
cdrecord: Illegal write mode for this drive.
verify_command: rejected command 55
|
This is regardless of the fact that cdrecord reports this:
Code: |
#cdrecord dev="ATAPI:0,0,0" -atip
cdDevice type : Removable CD-ROM
Version : 0
Response Format: 2
Capabilities :
Vendor_info : 'LITE-ON '
Identifikation : 'COMBO LTC-48161H'
Revision : 'KH0P'
Device seems to be: Generic mmc2 DVD-ROM.
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE FORCESPEED
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
|
|
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Wed Nov 10, 2004 1:59 pm Post subject: |
|
|
mholtz: are you sure you have write access to your cd writer node? which cdrecord command are you using?
command 55 is MODE_SELECT and this is permitted by the kernel filter as long as you have write access to the device in question. _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
mholtz Tux's lil' helper
Joined: 04 Feb 2004 Posts: 110 Location: Ohio, USA
|
Posted: Thu Nov 11, 2004 4:29 am Post subject: |
|
|
The command I ran for the above output was this:
Code: |
$ cdrecord dev=ATAPI:0,0,0 speed=44 -pad -audio -v -gracetime=2 *.wav
|
Here is the info on my CD-R node.
Code: |
$ ls -la /dev/cdroms/cdrom0
lrwxrwxrwx 1 root root 6 11æ 10 09:00 /dev/cdroms/cdrom0 -> ../hdc
$ ls -la /dev/hdc
brw------- 1 mholtz cdrom 22, 0 5æ 10 2004 /dev/hdc
|
Unless the device node changes its permissions from kernel to kernel (does it?), it should have worked, no? |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Thu Nov 11, 2004 6:03 am Post subject: |
|
|
how about if you try:
Code: | cdrecord dev=/dev/hdc speed=44 -pad -audio -v -gracetime=2 *.wav |
also, how about a data cd? maybe your problem only affects audio cd's, i havent tried them.. _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
AC n00b
Joined: 16 Nov 2003 Posts: 46
|
Posted: Thu Nov 11, 2004 4:15 pm Post subject: tried... not working... help please |
|
|
i've tried your solution with the patch. actualy, i'm currently using 2.6.9-r3 kernel but I can't use my cdrw/dvd combo drive. this is what I get when i run
ls -l /dev/hd*
Code: |
lr-xr-xr-x 1 root root 32 Nov 10 15:25 /dev/hda -> ide/host0/bus0/target0/lun0/disc
lr-xr-xr-x 1 root root 33 Nov 10 15:25 /dev/hda1 -> ide/host0/bus0/target0/lun0/part1
lr-xr-xr-x 1 root root 33 Nov 10 15:25 /dev/hda2 -> ide/host0/bus0/target0/lun0/part2
lr-xr-xr-x 1 root root 33 Nov 10 15:25 /dev/hda3 -> ide/host0/bus0/target0/lun0/part3
lr-xr-xr-x 1 root root 33 Nov 10 15:25 /dev/hda4 -> ide/host0/bus0/target0/lun0/part4
|
this is my dmesg | grep hd
Code: |
Kernel command line: root=/dev/hda4 append="hdc=ide"
ide0: BM-DMA at 0x1860-0x1867, BIOS settings: hda:DMA, hdb:pio
ide1: BM-DMA at 0x1868-0x186f, BIOS settings: hdc:DMA, hdd:pio
hda: HTS548040M9AT00, ATA DISK drive
hdc: TOSHIBA DVD-ROM SD-R9012, ATAPI CD/DVD-ROM drive
hda: max request size: 128KiB
hda: Host Protected Area detected.
hda: 71029746 sectors (36367 MB) w/7877KiB Cache, CHS=65535/16/63, UDMA(100)
hda: cache flushes supported
hdc: ATAPI 24X DVD-ROM CD-R/RW drive, 2048kB Cache, UDMA(33)
ReiserFS: hda4: found reiserfs format "3.6" with standard journal
ReiserFS: hda4: using ordered data mode
ReiserFS: hda4: journal params: device hda4, size 8192, journal first block 18, max trans len 1024, max batch 900, max commit age 30, max trans age 30
ReiserFS: hda4: checking transaction log (hda4)
ReiserFS: hda4: Using r5 hash to sort names
Adding 1005472k swap on /dev/hda3. Priority:-1 extents:1
e1000: eth0: e1000_watchdog: NIC Link is Up 100 Mbps Full Duplex
hda: dma_intr: status=0x58 { DriveReady SeekComplete DataRequest }
hda: set_drive_speed_status: status=0x58 { DriveReady SeekComplete DataRequest }
|
cat /etc/fstab
Code: |
# /etc/fstab: static file system information.
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/fstab,v 1.14 2003/10/13 20:03:38 azarah Exp $
#
# noatime turns off atimes for increased performance (atimes normally aren't
# needed; notail increases performance of ReiserFS (at the expense of storage
# efficiency). It's safe to drop the noatime options if you want and to
# switch between notail and tail freely.
# <fs> <mountpoint> <type> <opts> <dump/pass>
# NOTE: If your BOOT partition is ReiserFS, add the notail option to opts.
/dev/hda2 /boot ext2 noauto,noatime 1 2
/dev/hda3 none swap sw 0 0
/dev/hda4 / reiserfs noatime 0 1
/dev/cdroms/cdrom0 /mnt/cdrom iso9660 noauto,user,ro 0 0
/dev/hda1 /mnt/win ntfs auto,user,umask=022 0 0
# NOTE: The next line is critical for boot!
none /proc proc defaults 0 0
# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink).
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
# use almost no memory if not populated with files)
# Adding the following line to /etc/fstab should take care of this:
none /dev/shm tmpfs defaults 0 0
#none /proc/bus/usb usbfs defaults 0 0
|
mount /mnt/cdrom
Code: |
mount: special device /dev/cdroms/cdrom0 does not exist
|
mount /dev/hdc /mnt/cdrom
Code: |
mount: special device /dev/hdc does not exist
|
i've searched the forum for 3 weeks or so now. if you could shed some light I would be most grateful.
if you need any more info to post let me know,
thank you |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Thu Nov 11, 2004 4:17 pm Post subject: |
|
|
your device manager isnt creating a node for your cdrom. this is a totally separate issue, please open another thread to keep this one on track. _________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
AC n00b
Joined: 16 Nov 2003 Posts: 46
|
Posted: Thu Nov 11, 2004 4:24 pm Post subject: |
|
|
wow, you're fast.
i've opened a new thread, thanks |
|
Back to top |
|
|
irondog l33t
Joined: 07 Jul 2003 Posts: 715 Location: Voor mijn TV. Achter mijn pc.
|
Posted: Thu Nov 11, 2004 6:24 pm Post subject: |
|
|
So, if I'm not supposed to burn as root, how should the permissions of the cdrom device (I.E. /dev/hda) look like?
After booting it's 600 here, but shouldn't it be the number o/t beast? _________________ Alle dingen moeten onzin zijn. |
|
Back to top |
|
|
idkwiam187 n00b
Joined: 16 Jan 2004 Posts: 46 Location: Virginia, USA
|
Posted: Thu Nov 11, 2004 7:45 pm Post subject: |
|
|
irondog: you should change the ownership of the device so that root owns it and its group is a CD Buring group, "cdrom" for example. Then set the permissions to 660 and put your normal user, and any other users on the box that will use the burner in that group. |
|
Back to top |
|
|
eradicator Retired Dev
Joined: 01 Apr 2003 Posts: 144 Location: Berkeley, CA
|
Posted: Fri Nov 12, 2004 12:44 am Post subject: |
|
|
dsd wrote: | how about if you try:
Code: | cdrecord dev=/dev/hdc speed=44 -pad -audio -v -gracetime=2 *.wav |
also, how about a data cd? maybe your problem only affects audio cd's, i havent tried them.. |
I had the same issue... changing to dev=/dev/hdc is a usable workaround for me |
|
Back to top |
|
|
eradicator Retired Dev
Joined: 01 Apr 2003 Posts: 144 Location: Berkeley, CA
|
Posted: Fri Nov 12, 2004 1:28 am Post subject: |
|
|
Seems to be burning fine, but I'm getting these rejections:
verify_command: rejected command 1
verify_command: rejected command 4d |
|
Back to top |
|
|
donjuan l33t
Joined: 11 May 2004 Posts: 760 Location: At Uni
|
Posted: Fri Nov 12, 2004 2:49 am Post subject: |
|
|
Seems to have burned successfully with k3b, got these though:
verify_command: rejected command 1e
verify_command: rejected command 1e
verify_command: rejected command e9
verify_command: rejected command e9
verify_command: rejected command ed
verify_command: rejected command e9
verify_command: rejected command 1
verify_command: rejected command f5
verify_command: rejected command e9
verify_command: rejected command eb
verify_command: rejected command f5 _________________ Command-line ACCEPT_KEYWORDS is considered harmful, use the package.* files.
The Stage 1 on 3 Install |
|
Back to top |
|
|
dsd Developer
Joined: 30 Mar 2003 Posts: 2162 Location: nr London
|
Posted: Fri Nov 12, 2004 2:00 pm Post subject: |
|
|
eradicator wrote: | Seems to be burning fine, but I'm getting these rejections:
verify_command: rejected command 1
verify_command: rejected command 4d |
which software are you using? 4d is log sense, doesnt conflict with anything, might be worth adding if the context looks ok.
donjuan : is this with cd's or dvds? do you know which software k3b is invoking to do the writing? 1e has already been addressed if its dvd+rw-format .. the others are outside of the scsi spec which is odd. could you please post the output of
Code: | cdrecord -dev=/dev/hdc -checkdrive |
_________________ http://dev.gentoo.org/~dsd |
|
Back to top |
|
|
|