From: Christoph Hellwig <hch@lst.de>
To: Keith Busch <kbusch@kernel.org>
Cc: Christoph Hellwig <hch@lst.de>,
Kanchan Joshi <joshi.k@samsung.com>,
axboe@kernel.dk, sagi@grimberg.me,
linux-nvme@lists.infradead.org, gost.dev@samsung.com,
vincentfu@gmail.com, stable@vger.kernel.org
Subject: Re: [PATCH v2] nvme: remove unprivileged passthrough support
Date: Tue, 24 Oct 2023 09:07:59 +0200
Message-ID: <20231024070759.GE9847@lst.de>
In-Reply-To: <ZTaOzORdmFwxCW1c@kbusch-mbp>

On Mon, Oct 23, 2023 at 09:18:36AM -0600, Keith Busch wrote:
> On Mon, Oct 23, 2023 at 07:44:56AM +0200, Christoph Hellwig wrote:
> > Yes, you need someone with root access to change the device node
> > permissions. But we allowed that under the assumption it is safe
> > to do so, which it turns out it is not.
>
> Okay, iiuc, while we have to opt-in to allow this hole, we need another
> option for users to set to allow this usage because it's not safe.
>
> Here are two options I have considered for unprivileged access, please
> let me know if you have others or thoughts.
>
> Restrict access for processes with CAP_SYS_RAWIO, which can be granted
> to non-root users. This cap is already used in scsi subsystem, too.

Well, that's sensible in general.

> A per nvme-generic namespace sysfs attribute that only root can toggle
> that would override any caps and just rely on access permissions.

And that I'm not confident about as long as we can only use the broken
PRP scheme on NVMe.