From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-dy1-f179.google.com (mail-dy1-f179.google.com [74.125.82.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1717A2EDD62 for ; Wed, 4 Feb 2026 17:52:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=74.125.82.179 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770227573; cv=none; b=Rm9yXRSZb8x8468bOlievP84npaLnIbQiB1MOgBkb47PCxXP30UOTfjdx9Zhm9+1IRZ7iAMDAspGQdS0YlYuHxfsSvJCcpBCY5w28YvyL0GmjEF3X9vucX9ufeXtqvI020eN91TlGOlosS/MN4pfN33Se0WJjLQNAPJkePaAPmM= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770227573; c=relaxed/simple; bh=juQiQRnKV07+NLIZMWPIV35dip3Q56h5Nvnb+5paRFE=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Ezn3zR0kEJjrVGg9PThLBvRzsZrc0y5e5sUApZ2h3AE2RIkCRRV3yd09cqeyYEpvE2KtgSehSgX93GUQH64zXh8RsvVaYDqSxuS2YNod+QpxQxBez4IpRcNvxi5E/QyHXg/HikcnFlC1yuv0uIXNQLep2anGz9s8FP6SSaShC+o= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=purestorage.com; spf=fail smtp.mailfrom=purestorage.com; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b=ZXAZ4cI5; arc=none smtp.client-ip=74.125.82.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=purestorage.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=purestorage.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=purestorage.com header.i=@purestorage.com header.b="ZXAZ4cI5" Received: by mail-dy1-f179.google.com with SMTP id 5a478bee46e88-2b8397e3e09so1103231eec.0 for ; Wed, 04 Feb 2026 09:52:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=purestorage.com; s=google2022; t=1770227572; x=1770832372; darn=vger.kernel.org; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:from:to :cc:subject:date:message-id:reply-to; bh=L+mtqSUCbqzuDcEW1o3mGHLmXW8L3fM5ZNzzT1MLFDA=; b=ZXAZ4cI5dP3hTP1baqo0dT687rqhL/Fp/ksHIV6PPdxFzCks4RDT8bIdPYKn1U4aru kkuhTBT0bE7S96lJRFJnpxbb4AW6LFS749XgnPR2gY2sH8G6D4joW9wPQbVYLkAjhPDK kLZ/79Po7surai90pE9OvRyYUlHG3S3uPg9ZS3ejORIG5Vk5MBnskuTsMAzCvv4Ju7nS g1sW7S3MJctvZs1SwAQhEHmIN7v9V08I2qdL9PQVtMHwsoLG8l/gxnX3ciAMfpDzzSzY AzWst6rGBpnB6ItghVRrI2GJrWDRHn09tF3OyKiTdxYhCUg1y6lqIs/snm2EykUG/mT0 FKcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770227572; x=1770832372; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=L+mtqSUCbqzuDcEW1o3mGHLmXW8L3fM5ZNzzT1MLFDA=; b=IVzfOzMFTp1C+HML4SJc8XGw80ZjNfyLrUB+J7vfqZix+ZMzdMOSN1KdHqVNch5fxb yv73Dc2Srdv2fAAyr6iEbwGNAHohFxk+n6awSmeMwMdq06VSnChYwqRmud+7MjtfOM9x tU0Ojk8VI/LOxO8N+sbxIkpYX4TyQaH5TuLrI7yBoHBF66TbZRZIB1Xs9R51LLOKWyFL idp4DfYxCKYO7maCaRCtIDhYw/PXQRI45CSvDw51yJu6RMOpYY5WRgzUf0FYGK2Zt9QL c1upjJNHfRFbkxFNPe6j4gE5l1ssInzVxyrGjaWr3HNfQG7dlVXrXFFdTvbZHUaMOjW4 4teA== X-Forwarded-Encrypted: i=1; AJvYcCV36OX2SeoIHFr3CfzDVl9MToxnYmsxd1kLXi76nB+1kADcmSBhZ8945qRPa7jj7gBDA+7AfIRLstt57RE=@vger.kernel.org X-Gm-Message-State: AOJu0YzCYmEi5w4hPAvNeTtoXADthtnuXn3jyISnlabOz3nIjrh/uiIK o2ijUfWtncMLRbeisQg+HJefPF0nlHCg/m7gSow/3mNAKvJqeTIngeND3p+LSbVaHNk= X-Gm-Gg: AZuq6aIPGXVrJozkXz/RqUFGWFoUjCYYD/6bsquiz50Dn16GNS7TDp/rSmJY8alOOZt IdCtzfdyqGUJwbzDyraFD6N55M7P7qwksxGUzm91o0++qqjCWo3qrHqDk4cJQ0q/c01miRlwWro lBlrFd7qUi4dVZQ7i6zKWR2WLTMXG1+R+PFvfpJ7Fnj+P8unzi6yr7hx2Cf0WOnzMAAlL1a8F7Z Bt068pc9xnj2vBLehlbOPksKPqUSmDexgz9bWAydMvAApb8+3zMFU0LD+YP6W3oxB6ciWk9n1VE TRZXoKmXdBdWbbvnnuYn0ws8vu7FKHXD+UEtBE9MLg1sZJUw6Et4KsW1I9FOdf1IKoIuJgb2G5f avzkWiLAhRMaMpz33rhhSvVtxykK54hj+xdVJv1wPXhMLMuHqz/0h0FDLMGLGltZwcA6OzZWzRb DqTxCNaHGeCw9ZgcBqsx0gmaCNbzRw/tJjyTqRnT4q0Q== X-Received: by 2002:a05:7300:5711:b0:2b7:f809:9c41 with SMTP id 5a478bee46e88-2b8329df851mr2012242eec.25.1770227571532; Wed, 04 Feb 2026 09:52:51 -0800 (PST) Received: from medusa.lab.kspace.sh ([208.88.152.253]) by smtp.googlemail.com with UTF8SMTPSA id a92af1059eb24-126f4e107b4sm2502371c88.7.2026.02.04.09.52.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Feb 2026 09:52:51 -0800 (PST) Date: Wed, 4 Feb 2026 09:52:50 -0800 From: Mohamed Khalfella To: Hannes Reinecke Cc: Justin Tee , Naresh Gottumukkala , Paul Ely , Chaitanya Kulkarni , Christoph Hellwig , Jens Axboe , Keith Busch , Sagi Grimberg , Aaron Dailey , Randy Jennings , Dhaval Giani , linux-nvme@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 03/14] nvmet: Implement CCR nvme command Message-ID: <20260204175250.GL3729-mkhalfella@purestorage.com> References: <20260130223531.2478849-1-mkhalfella@purestorage.com> <20260130223531.2478849-4-mkhalfella@purestorage.com> <77a00fa1-5707-4859-8a7a-e823ca18c9fe@suse.de> <20260203184039.GB3729-mkhalfella@purestorage.com> <21be273b-b1b2-4813-8178-e01cb0aa6301@suse.de> <20260204004417.GK3729-mkhalfella@purestorage.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Wed 2026-02-04 01:55:18 +0100, Hannes Reinecke wrote: > On 2/4/26 01:44, Mohamed Khalfella wrote: > > On Wed 2026-02-04 01:38:44 +0100, Hannes Reinecke wrote: > >> On 2/3/26 19:40, Mohamed Khalfella wrote: > >>> On Tue 2026-02-03 04:19:50 +0100, Hannes Reinecke wrote: > >>>> On 1/30/26 23:34, Mohamed Khalfella wrote: > >>>>> @@ -1501,6 +1516,38 @@ struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn, > >>>>> return ctrl; > >>>>> } > >>>>> > >>>>> +struct nvmet_ctrl *nvmet_ctrl_find_get_ccr(struct nvmet_subsys *subsys, > >>>>> + const char *hostnqn, u8 ciu, > >>>>> + u16 cntlid, u64 cirn) > >>>>> +{ > >>>>> + struct nvmet_ctrl *ctrl; > >>>>> + bool found = false; > >>>>> + > >>>>> + mutex_lock(&subsys->lock); > >>>>> + list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) { > >>>>> + if (ctrl->cntlid != cntlid) > >>>>> + continue; > >>>>> + if (strncmp(ctrl->hostnqn, hostnqn, NVMF_NQN_SIZE)) > >>>>> + continue; > >>>>> + > >>>> Why do we compare the hostnqn here, too? To my understanding the host > >>>> NQN is tied to the controller, so the controller ID should be sufficient > >>>> here. > >>> > >>> We got cntlid from CCR nvme command and we do not trust the value sent by > >>> the host. We check hostnqn to confirm that host is actually connected to > >>> the impacted controller. A host should not be allowed to reset a > >>> controller connected to another host. > >>> > >> Errm. So we're starting to not trust values in NVMe commands? > >> That is a very slippery road. > >> Ultimately it would require us to validate the cntlid on each > >> admin command. Which we don't. > >> And really there is no difference between CCR and any other > >> admin command; you get even worse effects if you would assume > >> a misdirected 'FORMAT' command. > >> > >> Please don't. Security is _not_ a concern here. > > > > I do not think the check hurts. If you say it is wrong I will delete it. > > > It's not 'wrong', It's inconsistent. The argument that the contents of > an admin command may be wrong applies to _every_ admin command. > Yet we never check on any of those commands. > So I fail to see why this command requires special treatment. Okay, I will delete this check. > > Cheers, > > Hannes > -- > Dr. Hannes Reinecke Kernel Storage Architect > hare@suse.de +49 911 74053 688 > SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg > HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich