From: Christoph Hellwig <hch@lst.de>
To: Keith Busch <kbusch@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>,
Kanchan Joshi <joshi.k@samsung.com>,
axboe@kernel.dk, sagi@grimberg.me,
linux-nvme@lists.infradead.org, gost.dev@samsung.com,
vincentfu@gmail.com, stable@vger.kernel.org
Subject: Re: [PATCH v2] nvme: remove unprivileged passthrough support
Date: Mon, 23 Oct 2023 07:44:56 +0200 [thread overview]
Message-ID: <20231023054456.GB11272@lst.de> (raw)
In-Reply-To: <ZTKN7f7kzydfiwb2@kbusch-mbp>
On Fri, Oct 20, 2023 at 08:25:49AM -0600, Keith Busch wrote:
> Jens repeated what he told me offline on this thread here, and dropped
> the pull request that contained this patch:
>
> https://lists.infradead.org/pipermail/linux-nvme/2023-October/042684.html
>
> BTW, don't you still need someone with root access to change the
> permissions on the device handle in order for an unpriveledged user to
> reach this hole? It's not open access by default, you still have to
> opt-in.
Yes, you need someone with root access to change the device node
persmissions. But we allowed that under the assumption it is safe
to do so, which it turns out it is not.
next prev parent reply other threads:[~2023-10-23 5:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20231016061151epcas5p1a0e18162b362ffbea754157e99f88995@epcas5p1.samsung.com>
2023-10-16 6:05 ` [PATCH v2] nvme: remove unprivileged passthrough support Kanchan Joshi
2023-10-16 18:41 ` Keith Busch
2023-10-18 21:26 ` Keith Busch
2023-10-19 5:04 ` Christoph Hellwig
2023-10-20 14:25 ` Keith Busch
2023-10-23 5:44 ` Christoph Hellwig [this message]
2023-10-23 15:18 ` Keith Busch
2023-10-24 7:07 ` Christoph Hellwig
2023-10-26 14:31 ` Kanchan Joshi
2023-10-26 15:15 ` Keith Busch
2023-10-27 7:06 ` Shinichiro Kawasaki
2023-10-27 7:15 ` Kanchan Joshi
2023-10-27 7:49 ` Shinichiro Kawasaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231023054456.GB11272@lst.de \
--to=hch@lst.de \
--cc=axboe@kernel.dk \
--cc=gost.dev@samsung.com \
--cc=joshi.k@samsung.com \
--cc=kbusch@kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
--cc=stable@vger.kernel.org \
--cc=vincentfu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox