From: Christoph Hellwig <hch@lst.de>
To: Keith Busch <kbusch@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Keith Busch <kbusch@meta.com>,
linux-nvme@lists.infradead.org
Subject: Re: [PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible
Date: Thu, 14 Nov 2024 06:56:43 +0100 [thread overview]
Message-ID: <20241114055642.GB10948@lst.de> (raw)
In-Reply-To: <ZzTKORM566PReqHI@kbusch-mbp>
On Wed, Nov 13, 2024 at 08:48:09AM -0700, Keith Busch wrote:
> > > For controllers that support SGL data mode, this is a viable mitigation
> > > to CVE-2023-6238.
> >
> > The patch itself looks fine, but instead of the handwaivy mitigation,
> > maybe just disable passthrough without SGL support by default to actually
> > fix and not just mitigate the CVE?
>
> SGL is an optional feature that many devices don't implement. Even fewer
> do it for metadata. Disabling it entirely is "breaking userspace" for
> users I need to support.
Well, if that usage creates exploitable behavior we'll need to fix it
and not just paper over it. Although this probably only really matters
for the non-privileged passthrough.
next prev parent reply other threads:[~2024-11-14 5:56 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-12 21:06 [PATCHv2 0/2] Using SGLs for userspace commands Keith Busch
2024-11-12 21:06 ` [PATCHv2 1/2] nvme-pci: add support for sgl metadata Keith Busch
2024-11-13 4:58 ` Christoph Hellwig
2024-11-13 15:48 ` Keith Busch
2024-11-12 21:06 ` [PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible Keith Busch
2024-11-13 4:58 ` Christoph Hellwig
2024-11-13 15:48 ` Keith Busch
2024-11-14 5:56 ` Christoph Hellwig [this message]
2024-11-14 15:53 ` Keith Busch
2024-11-14 16:42 ` Christoph Hellwig
2024-11-14 17:29 ` Keith Busch
2024-11-13 4:50 ` [PATCHv2 0/2] Using SGLs for userspace commands Christoph Hellwig
2024-11-13 15:50 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241114055642.GB10948@lst.de \
--to=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=kbusch@meta.com \
--cc=linux-nvme@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.