From: Christoph Hellwig <hch@lst.de>
To: Keith Busch <kbusch@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>, Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org
Subject: Re: block dangerous passthrough operation
Date: Mon, 21 Nov 2022 08:45:24 +0100 [thread overview]
Message-ID: <20221121074524.GC24507@lst.de> (raw)
In-Reply-To: <Y3UL2LER7I9KUxGW@kbusch-mbp.dhcp.thefacebook.com>
On Wed, Nov 16, 2022 at 09:12:08AM -0700, Keith Busch wrote:
> People do use the fabrics command for 'get property' to check on their
> device, which is a harmless command that you've blocked.
Yeah, I guess read fabrics commnds are ok.
> There are still other harmful things a user could do, like Doorbell
> Buffer Config or Set Feature Host Memory Buffer that could really screw
> things up for the driver. But I think this sets a bad precedence that
> the driver is going to protect an admin user from doing stupid things.
> As more destructive opcodes and features are added in the future, we'd
> be taking on a maintenance burden to analyze all these. Meanwhile, older
> drivers won't provide that protection, so the user is expected to simply
> not do such actions, so why can't they just do that now?
It's a little less about preventing all possible problems, than about
at least letting people known they're doing something totally broken
and not report bugs to me about them..
next prev parent reply other threads:[~2022-11-21 7:45 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20221116130636epcas5p39a586e15d27045752f18d022f4efd74a@epcas5p3.samsung.com>
2022-11-16 13:01 ` block dangerous passthrough operation Christoph Hellwig
2022-11-16 13:01 ` [PATCH 1/4] nvme: return an errno from nvme_cmd_allowed Christoph Hellwig
2022-11-16 13:01 ` [PATCH 2/4] nvme: don't allow user space to send fabrics commands Christoph Hellwig
2022-11-16 13:01 ` [PATCH 3/4] nvme: don't allow userspace to set the Host Behavior Support feature Christoph Hellwig
2022-11-16 13:01 ` [PATCH 4/4] nvme: reject passthrough of queue creation / deletion commands Christoph Hellwig
2022-11-16 13:25 ` block dangerous passthrough operation Kanchan Joshi
2022-11-16 13:38 ` Christoph Hellwig
2022-11-16 13:43 ` Kanchan Joshi
2022-11-16 15:44 ` Christoph Hellwig
2022-11-17 3:13 ` Kanchan Joshi
2022-11-21 7:43 ` Christoph Hellwig
2022-11-16 16:12 ` Keith Busch
2022-11-17 3:51 ` Kanchan Joshi
2022-11-17 16:03 ` Keith Busch
2022-11-17 6:48 ` Chaitanya Kulkarni
2022-11-21 7:45 ` Christoph Hellwig [this message]
2022-11-17 3:49 ` Jens Axboe
2022-11-21 7:46 ` Christoph Hellwig
2022-11-21 15:35 ` Keith Busch
2022-11-22 6:47 ` Christoph Hellwig
2022-11-22 10:38 ` Sagi Grimberg
2022-11-22 12:03 ` Christoph Hellwig
2022-11-22 15:11 ` Keith Busch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221121074524.GC24507@lst.de \
--to=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox