Overflow error when trying to read drive properties with ioctl in python

Question

When trying to extract a vendor-specific feature for one of my drives (cmd = 0x89), I get an overflow error: OverflowError: signed integer is greater than maximum. The error is thrown immediately after ioctl is called. The traceback is not very informative either:

Traceback (most recent call last):
  File "lockbx/atacmd.py", line 148, in <module>
    GetDriveIdSgIo("/dev/sda")
  File "lockbx/atacmd.py", line 134, in GetDriveIdSgIo
    ret = fcntl.ioctl(fd.fileno(), SG_IO, ctypes.addressof(sgio))
OverflowError: signed integer is greater than maximum

ATA Command Pass-Through Reference: http://www.t10.org/ftp/t10/document.04/04-262r8.pdf

class AtaCmd(ctypes.Structure):

    _fields_ = [
        ('opcode', ctypes.c_ubyte),
        ('protocol', ctypes.c_ubyte),
        ('flags', ctypes.c_ubyte),
        ('features', ctypes.c_ubyte),
        ('sector_count', ctypes.c_ubyte),
        ('lba_low', ctypes.c_ubyte),
        ('lba_mid', ctypes.c_ubyte),
        ('lba_high', ctypes.c_ubyte),
        ('device', ctypes.c_ubyte),
        ('command', ctypes.c_ubyte),
        ('reserved', ctypes.c_ubyte),
        ('control', ctypes.c_ubyte)]


class SgioHdr(ctypes.Structure):
    """<scsi/sg.h> sg_io_hdr_t."""

    _fields_ = [
        ('interface_id', ctypes.c_int),
        ('dxfer_direction', ctypes.c_int),
        ('cmd_len', ctypes.c_ubyte),
        ('mx_sb_len', ctypes.c_ubyte),
        ('iovec_count', ctypes.c_ushort),
        ('dxfer_len', ctypes.c_uint),
        ('dxferp', ctypes.c_void_p),
        ('cmdp', ctypes.c_void_p),
        ('sbp', ctypes.c_void_p),
        ('timeout', ctypes.c_uint),
        ('flags', ctypes.c_uint),
        ('pack_id', ctypes.c_int),
        ('usr_ptr', ctypes.c_void_p),
        ('status', ctypes.c_ubyte),
        ('masked_status', ctypes.c_ubyte),
        ('msg_status', ctypes.c_ubyte),
        ('sb_len_wr', ctypes.c_ubyte),
        ('host_status', ctypes.c_ushort),
        ('driver_status', ctypes.c_ushort),
        ('resid', ctypes.c_int),
        ('duration', ctypes.c_uint),
        ('info', ctypes.c_uint)]


def GetDriveIdSgIo(dev):
    ata_cmd = AtaCmd(opcode=0xA1,  # ATA PASS-THROUGH (12)
                     protocol=3 << 1,  # PIO Data-In
                     flags=0x06,
                     features=0xF5,
                     sector_count=1,
                     lba_low=0, lba_mid=0, lba_high=0,
                     device=0,
                     command=0x89,  # IDENTIFY
                     reserved=0,
                     control=0)

    SG_DXFER_FROM_DEV = -3
    sense = ctypes.c_buffer(64)
    identify = ctypes.c_buffer(512)

    sgio = SgioHdr(
        interface_id=ord('S'),
        dxfer_direction=SG_DXFER_FROM_DEV,
        cmd_len=ctypes.sizeof(ata_cmd),
        mx_sb_len=ctypes.sizeof(sense),
        iovec_count=0,
        dxfer_len=ctypes.sizeof(identify),
        dxferp=0,
        cmdp=ctypes.addressof(ata_cmd),
        sbp=ctypes.addressof(sense),
        timeout=3000,
        flags=0,
        pack_id=0,
        usr_ptr=None,
        # Set values
        status=0, masked_status=0, msg_status=0, sb_len_wr=0, host_status=0,
        driver_status=0, resid=0, duration=0, info=0
    )

    SG_IO = 0x2285  # <scsi/sg.h>
    with open(dev, 'r') as fd:
        ret = fcntl.ioctl(fd.fileno(), SG_IO, ctypes.addressof(sgio))  # fails here

    # some other stuff returns endian swapped buffer info but not relevant

GetDriveIdSgIo("/dev/sda")

Where have I gone wrong?

Answer 1

3 years late, but having run into this myself the solution is simply to use the libc ioctl.

# We use libc instead of the builtin ioctl as the builtin can have
# issues with 64-bit pointers.
result = get_libc().ioctl(
    self.fd, IOCTL_SG_IO, ctypes.byref(sg_io_header)
)

Where get_libc() is:

import ctypes
from functools import cache


@cache
def get_libc():
    # Opens the libc.so, which can be quite a slow process, and
    # saves it for future use.
    return ctypes.CDLL("libc.so.6", use_errno=True)

This is what's done in my SMARTie library.

Answer 2

Do you receive 32-bit or 64-bit? By default it's 32-bit value in ctypes, if I'm not mistaken.

Answer 3

try this:

ret = fcntl.ioctl(fd.fileno(), 0x2285, ctypes.addressof(sgio))

maybe python stores SG_IO as int64 but ioctl only takes 32bit integers as arg. Or explicitly cast it to 32bit as: c_uint(0x2285)

If this doesn't work, it could be the arg parameter. Try this:

ret = fcntl.ioctl(fd.fileno(), 0x2285, sgio)

If that doesn't work try to use struct.pack instead of ctypes as sgio parameter and struct.unpack to read the ret.

Reference: https://docs.python.org/2/library/struct.html