Bug 983521 - tgtadm: the read-only parameter does not work
tgtadm: the read-only parameter does not work
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: scsi-target-utils (Show other bugs)
6.4
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Andy Grover
Bruno Goncalves
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-11 07:12 EDT by Xiaowei Li
Modified: 2017-12-06 06:37 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-12-06 06:37:26 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Xiaowei Li 2013-07-11 07:12:25 EDT
Description of problem:
I create a passthrough readonly device and export it via iscsi.
On the initiator, I still can write to the device.

Version-Release number of selected component (if applicable):
scsi-target-utils-1.0.24-2.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.
# tgtadm --lld iscsi --op new --mode target --tid 1 -T iqn.tgt:disk:target1
# tgtadm --lld iscsi --op bind --mode target --tid 1 -I ALL
# tgtadm --lld iscsi --op new --mode logicalunit --tid 1 --lun 1 --bstype=sg --device-type=pt --backing-store=/dev/sg0
# tgtadm --lld iscsi --mode logicalunit --op update --tid 1 --lun 1 --params readonly=1
# tgtadm --lld iscsi --op show --mode target
Target 1: iqn.tgt:disk:target1
    System information:
        Driver: iscsi
        State: ready
    I_T nexus information:
        I_T nexus: 1
            Initiator: iqn.1994-05.com.redhat:d7c1e0c5733
            Connection: 0
                IP Address: 127.0.0.1
        I_T nexus: 2
            Initiator: iqn.1994-05.com.redhat:92256b5b4c9a
            Connection: 0
                IP Address: 10.66.12.156
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET     00010000
            SCSI SN: beaf10
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags: 
        LUN: 1
            Type: passthrough
            SCSI ID: IET     00010001
            SCSI SN: beaf11
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: Yes
            Backing store type: sg
            Backing store path: /dev/sg0
            Backing store flags: 
    Account information:
    ACL information:
        ALL

2.
3.

Actual results:
on the initiator, I still can write to the device exported by the /dev/sg0

Expected results:


Additional info:
Comment 2 RHEL Product and Program Management 2013-10-13 23:10:03 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 5 Bruno Goncalves 2015-02-25 09:12:47 EST
The problem is still reproducible on scsi-target-utils-1.0.24-16.el6
Comment 6 Martin Hoyer 2016-01-22 03:19:04 EST
Still reproducible with scsi-target-utils-1.0.24-17.el6
kernel-2.6.32-592.el6
Comment 7 Andy Grover 2016-01-22 14:05:53 EST
There are two parts. What tgt "readonly=1" does now is set the WP (write protect) bit in the lun's MODE SENSE response (e.g. "sg_modes /dev/sdb" you will see "WP=1"). If the underlying media were incapable of writes outside of iscsi, this would be the way for the initiator to know that. But tgt doesn't itself stop writes if the device actually isn't readonly.

There's another feature called Software Write Protect (SWP) which actually enforces that writes are not performed. This is not in tgt 1.0.24 but it is in a later version, it would need to be backported to make the test case in comment 0 succeed. Or, just ensuring that tgt only had read access via Unix permissions to the backing store would also achieve the same goal.
Comment 11 Jan Kurik 2017-12-06 06:37:26 EST
Red Hat Enterprise Linux 6 is in the Production 3 Phase. During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not meet the inclusion criteria for the Production 3 Phase and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification. Note that a strong business justification will be required for re-evaluation. Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com/

Note You need to log in before you can comment on or make changes to this bug.