Bug 495286 - Booting from a live CD-RW overwrites the medium
Booting from a live CD-RW overwrites the medium
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: DeviceKit-disks (Show other bugs)
rawhide
i686 Linux
low Severity urgent
: ---
: ---
Assigned To: David Zeuthen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-11 03:28 EDT by Robert Nichols
Modified: 2013-03-05 22:58 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-12 16:11:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Robert Nichols 2009-04-11 03:28:19 EDT
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.7) Gecko/2009040909 CentOS/3.0.7-1.el5.centos Firefox/3.0.7

Booting the Fedora 11 Snapshot 1 live CD from CD-RW media destroys the file system on the CD-RW.  It appears that a CD-RW disk gets automounted read/write.

Reproducible: Always

Steps to Reproduce:
1. Burn the Fedora 11 live CD iso onto a CD-RW disk.
2. Boot from this CD-RW. (The boot might or might not succeed -- doesn't matter which.)
3. Shut the system down.
Actual Results:  
Any attempt to read this disk will result in an I/O error on sector 0.  The disk is now useless until erased and rewritten.

Expected Results:  
The disk should be treated read-only and not changed.

A CD-RW disk containing an iso9660 file system gets automounted read/write in rawhide.

DeviceKit-003-1.i586
DeviceKit-disks-004-0.5.20090408git.fc11.i586

(Apologies if DeviceKit is not the culprit.  It's the best I could come up with.)
Comment 1 Robert Nichols 2009-04-11 09:36:04 EDT
The KDE spin of the F-11 Snap1 Live CD, which does not use DeviceKit, does _not_ exhibit this behavior.  That further suggests that the problem lies in DeviceKit.
Comment 2 David Zeuthen 2009-04-12 13:25:59 EDT
(In reply to comment #0)
> A CD-RW disk containing an iso9660 file system gets automounted read/write in
> rawhide.

The iso9660 filesystem is, by design, a read-only filesystem, you can't mount it read/write, that's simply not how it works.

Also, DeviceKit-disks doesn't really look at the hardware itself, it relies on the kernel and udev rules to do this. And all these operations are mostly done in read-only mode. So I can't really think of how DeviceKit-disks could be responsible for trashing the CD-RW medium.

I'll try to burn the latest desktop live cd on a CD-RW to see if I can reproduce this...
Comment 3 David Zeuthen 2009-04-12 15:35:35 EDT
OK, so I managed to test this and, yeah, one of the udev helpers in the DeviceKit-disks package is indeed responsible for trashing the CD-RW medium. Scary!

It's the helper for determining if a device is ATA SMART capable, apparently that craps out the drive. Funny enough this only happens on CD-RW live media, it *does not* happen when booting from a hard drive. All it does is this

http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/tree/src/devkit-disks-probe-ata-smart.c

and apparently that is enough to cause the trashing.

The interesting thing is that this *does not* happen when running 'skdump /dev/sr0' from the command line, maybe it's a timing issue (another udev helper, cdrom_id, is sending commands to the drive just before checking for ATA SMART) or maybe skdump is smarter about not sending commands to the drive. 

Either way, I'm adding both Kay (udev maintainer) and Lennart (libatasmart maintainer) as this is a somewhat interesting bug when it comes to probing. FWIW, I'm not sure libatasmart is doing anything wrong, it's just sending well-known commands to the drive and I think it even checks with IDENTIFY to see if the drive accepts it. Discuss!

Also, I actually tried to bit careful to only probe things that looks like ATA SMART but there was a bug ('==' vs '=') in the rules so we probed the CD-ROM drive for ATA SMART anyway.

I've fixed it now and also added some extra guards (only probe devices driven by the sd driver, not e.g. sr).

http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62dbfeb01735570ca1b266313ff1c765904d9b3b

With these changes we now longer trash the CD-RW medium. I'm going to upload new packages to Fedora right away.

Thanks a lot for reporting this bug!
Comment 4 David Zeuthen 2009-04-12 16:11:38 EDT
Fixed in DeviceKit-disks-004-0.7.20090412git.fc11.

http://koji.fedoraproject.org/koji/taskinfo?taskID=1292589
Comment 5 Lennart Poettering 2009-04-13 10:54:20 EDT
Also, libatasmart 0.9 verifies that the IDENTIFY block we read actually makes sense before we proceed with any further command. I hope that increases the chance that we fail earlier when used on devices that are not actually hard disks.

Note You need to log in before you can comment on or make changes to this bug.