Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

Opening the device with the O_RDWR flag for all available functions (is this necessary?) #394

Closed arturpzol closed 2 years ago

arturpzol commented 2 years ago

https://github.com/Drive-Trust-Alliance/sedutil/blob/d3de8e45e06a21d31cca0046ceb16ced1ef3563a/linux/DtaDevLinuxSata.cpp#L75

Is it necessary to open the device with the O_RDWR flag, for example for the isValidSEDDisk function? I ask because on some systems with UDEV with the entry below:

```
# watch metadata changes by tools closing the device after writing
KERNEL!="sr*", OPTIONS+="watch"
```

and where a lot of disks are used, many UDEV events are unnecessarily generated even if we only check whether the disks support SED, e.g.:

```
sedutil-cli --isValidSED /dev/sda
/dev/sda NO --- Hitachi HUA722010CLA330                  JA2OA7EA
udevadm monitor
monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent

KERNEL[345114.506318] remove   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 (block)
KERNEL[345114.506340] remove   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda9 (block)
UDEV  [345114.506662] remove   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 (block)
UDEV  [345114.506764] remove   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda9 (block)
KERNEL[345114.544986] change   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda (block)
KERNEL[345114.545074] add      /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 (block)
KERNEL[345114.545156] add      /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda9 (block)
UDEV  [345114.545324] change   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda (block)
UDEV  [345114.545472] add      /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 (block)
UDEV  [345114.545492] add      /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda9 (block)
UDEV  [345114.564312] remove   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda9 (block)
UDEV  [345114.565261] remove   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 (block)
UDEV  [345114.649132] change   /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda (block)
UDEV  [345114.718644] add      /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda1 (block)
UDEV  [345114.731486] add      /devices/pci0000:00/0000:00:1f.2/ata1/host0/target0:0:0/0:0:0:0/block/sda/sda9 (block)
```

See also: https://access.redhat.com/solutions/1465913
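The mechanism behind the events above, as an added example that is not part of the original issue or of sedutil: udev's `watch` option puts an inotify watch on the device node and synthesizes a change event when the node is closed after having been opened for writing, whether or not anything was written. The C program below shows that inotify behaviour on a temporary regular file standing in for `/dev/sda` (an assumption, so it runs without root or a real disk); the function names `close_write_events` and `probe` are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Open path with flags, close it with no I/O in between, and return how many
 * IN_CLOSE_WRITE events an inotify watch on path received (-1 on error). */
int close_write_events(const char *path, int flags)
{
    int count = 0, fd = -1;
    int ino = inotify_init1(IN_NONBLOCK);
    if (ino < 0) return -1;
    if (inotify_add_watch(ino, path, IN_CLOSE_WRITE) < 0 ||
        (fd = open(path, flags)) < 0) {
        close(ino);
        return -1;
    }
    close(fd); /* the close alone is what the watch reacts to */
    char buf[4096] __attribute__((aligned(8)));
    ssize_t len;
    while ((len = read(ino, buf, sizeof buf)) > 0) { /* EAGAIN ends the loop */
        for (char *p = buf; p < buf + len;) {
            struct inotify_event *ev = (struct inotify_event *)p;
            count += (ev->mask & IN_CLOSE_WRITE) != 0;
            p += sizeof *ev + ev->len;
        }
    }
    close(ino);
    return count;
}

/* Scratch file standing in for /dev/sdX (constructed; needs no root or disk). */
int probe(int flags)
{
    char path[] = "/tmp/watch-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    int n = close_write_events(path, flags);
    unlink(path);
    return n;
}

int main(void)
{
    printf("O_RDONLY: %d, O_RDWR: %d\n", probe(O_RDONLY), probe(O_RDWR));
}
```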

r0m30 commented 2 years ago

The only way I had enough authority to issue IOCTL commands was when using that flag. There may be some obscure way to bypass this but I didn't find it.