From: Keith Busch <kbusch@kernel.org>
To: Christoph Hellwig <hch@lst.de>
Cc: Keith Busch <kbusch@meta.com>, linux-nvme@lists.infradead.org
Subject: Re: [PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible
Date: Thu, 14 Nov 2024 08:53:49 -0700 [thread overview]
Message-ID: <ZzYdDSNpH99YHJvb@kbusch-mbp> (raw)
In-Reply-To: <20241114055642.GB10948@lst.de>
On Thu, Nov 14, 2024 at 06:56:43AM +0100, Christoph Hellwig wrote:
> On Wed, Nov 13, 2024 at 08:48:09AM -0700, Keith Busch wrote:
> > > > For controllers that support SGL data mode, this is a viable mitigation
> > > > to CVE-2023-6238.
> > >
> > > The patch itself looks fine, but instead of the handwaivy mitigation,
> > > maybe just disable passthrough without SGL support by default to actually
> > > fix and not just mitigate the CVE?
> >
> > SGL is an optional feature that many devices don't implement. Even fewer
> > do it for metadata. Disabling it entirely is "breaking userspace" for
> > users I need to support.
>
> Well, if that usage creates exploitable behavior we'll need to fix it
> and not just paper over it. Although this probably only really matters
> for the non-privileged passthrough.
Only admin users can access this path by default. You have to opt-in for
it, so it's not exploitable unless you ask for it. I can't see disabling
the interface entirely. In a previous version of this patch, I had the
kernel tainted if you tried to do passthrough without SGL support. Would
that be a fair compromise if I reintroduce that behavior?
next prev parent reply other threads:[~2024-11-14 15:53 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-12 21:06 [PATCHv2 0/2] Using SGLs for userspace commands Keith Busch
2024-11-12 21:06 ` [PATCHv2 1/2] nvme-pci: add support for sgl metadata Keith Busch
2024-11-13 4:58 ` Christoph Hellwig
2024-11-13 15:48 ` Keith Busch
2024-11-12 21:06 ` [PATCHv2 2/2] nvme-pci: use sgls for all user requests if possible Keith Busch
2024-11-13 4:58 ` Christoph Hellwig
2024-11-13 15:48 ` Keith Busch
2024-11-14 5:56 ` Christoph Hellwig
2024-11-14 15:53 ` Keith Busch [this message]
2024-11-14 16:42 ` Christoph Hellwig
2024-11-14 17:29 ` Keith Busch
2024-11-13 4:50 ` [PATCHv2 0/2] Using SGLs for userspace commands Christoph Hellwig
2024-11-13 15:50 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZzYdDSNpH99YHJvb@kbusch-mbp \
--to=kbusch@kernel.org \
--cc=hch@lst.de \
--cc=kbusch@meta.com \
--cc=linux-nvme@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.