From: Christoph Hellwig <hch@lst.de>
To: Keith Busch <kbusch@kernel.org>, Sagi Grimberg <sagi@grimberg.me>,
Chaitanya Kulkarni <kch@nvidia.com>
Cc: Kanchan Joshi <joshi.k@samsung.com>, linux-nvme@lists.infradead.org
Subject: only allow unprivileged passthrough for commands without effects v4
Date: Fri, 23 Dec 2022 08:18:08 +0100 [thread overview]
Message-ID: <20221223071814.43564-1-hch@lst.de> (raw)
Hi all,
this series first fixes a few minor issues in the CES log support in the
host and target drivers and then uses the log to deny unprivileged
passthrough of commands that have effects, where the only practically
relevant effect is the modification of contents of the data stored in the
namespace.
Changes since v3:
- clear NVME_CMD_EFFECTS_CSE_MASK for I/O commands
Changes since v2:
- drop various cleanups and aim for a minimum viable fix for 6.2
- fix the NVME_CMD_EFFECTS_CSE_MASK definition
- don't allow unprivilged passthrough without a Commands Supported and
Effects log
Changes since v1:
- make sure ctrl->effects an nshead->effects is always available
- initializse known effects at init time
- remove the use_workqueue field in nvmet_req
- fix up a commit message
Diffstat:
drivers/nvme/host/core.c | 32 ++++++++++++++++++++++++++------
drivers/nvme/host/ioctl.c | 28 ++++++++++++++++++++++++----
drivers/nvme/target/admin-cmd.c | 37 +++++++++++++++++++++----------------
drivers/nvme/target/passthru.c | 11 +++++------
include/linux/nvme.h | 4 +++-
5 files changed, 79 insertions(+), 33 deletions(-)
next reply other threads:[~2022-12-23 7:18 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-23 7:18 Christoph Hellwig [this message]
2022-12-23 7:18 ` [PATCH 1/6] nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition Christoph Hellwig
2022-12-25 10:06 ` Sagi Grimberg
2022-12-23 7:18 ` [PATCH 2/6] nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it Christoph Hellwig
2022-12-25 10:06 ` Sagi Grimberg
2022-12-23 7:18 ` [PATCH 3/6] nvmet: set the LBCC bit for commands that modify data Christoph Hellwig
2022-12-25 10:06 ` Sagi Grimberg
2022-12-23 7:18 ` [PATCH 4/6] nvmet: don't defer passthrough commands with trivial effects to the workqueue Christoph Hellwig
2022-12-25 10:14 ` Sagi Grimberg
2022-12-23 7:18 ` [PATCH 5/6] nvme: also return I/O command effects from nvme_command_effects Christoph Hellwig
2022-12-25 10:26 ` Sagi Grimberg
2022-12-27 16:57 ` Christoph Hellwig
2022-12-28 13:49 ` Sagi Grimberg
2022-12-28 15:12 ` Christoph Hellwig
2022-12-29 5:35 ` Kanchan Joshi
2022-12-23 7:18 ` [PATCH 6/6] nvme: consult the CSE log page for unprivileged passthrough Christoph Hellwig
2022-12-25 10:27 ` Sagi Grimberg
2022-12-28 16:04 ` only allow unprivileged passthrough for commands without effects v4 Keith Busch
2022-12-28 16:05 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221223071814.43564-1-hch@lst.de \
--to=hch@lst.de \
--cc=joshi.k@samsung.com \
--cc=kbusch@kernel.org \
--cc=kch@nvidia.com \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox