On Fri, 2018-11-16 at 08:00 +0100, Paolo Bonzini wrote: > On 16/11/18 06:46, Bart Van Assche wrote: > > I do not know any application for which it would be useful to allow some but > > not all of these commands. With the proposed interface however users will > > have to examine all SCSI opcodes and for each opcode they will have to > > decide > > whether or not it should be allowed. Additionally, for opcodes like 7fh that > > represent multiple commands, users will have to decide whether they want to > > allow all these commands or none. That's why I think that filtering SCSI > > commands based on their CDB is an unfortunate choice. Would it be sufficient > > for the use cases you are looking at to group SCSI commands as follows and > > to > > enable/disable these commands per group: > > * SCSI command that read information from the medium (e.g. READ) or from the > > controller (e.g. READ CAPACITY). > > * SCSI commands that modify information on the medium (e.g. WRITE). > > * SCSI commands that modify controller settings (e.g. MODE SELECT or SET > > TARGET PORT GROUPS). > > And also: > > * all SCSI commands (e.g. write microcode, vendor specific commands). > > It would. However, it would be impossible to do this without making the > filter depend on the SCSI device type. This has been rejected in 2012.
Do you have a link available to that discussion? Since the meaning of several SCSI opcodes depends on the SCSI device type, I don't see how we can avoid making filtering dependent on the SCSI device type. Bart.
