NVME_IOCTL_SUBMIT_IO access control

Keith Busch kbusch at kernel.org
Tue Jun 1 06:53:10 PDT 2021


On Mon, May 31, 2021 at 11:09:35AM +0000, Niklas Cassel wrote:
> Hello there,
> 
> How is the NVME_IOCTL_SUBMIT_IO access control supposed to work?
> 
> $ echo "hello" | nvme write /dev/nvme0n1 -s 0 -c 1 -z 512
> /dev/nvme0n1: Permission denied
> 
> $ sudo chmod o+r /dev/nvme0n1
> 
> $ echo "hello" | nvme write /dev/nvme0n1 -s 0 -c 1 -z 512
> Rounding data size to fit block count (8192 bytes)
> write: Success
> 
> 
> Am I supposed to be able to do a write if I only have read permission?
> 
> $ ls -al /dev/nvme0n1
> brw-rw-r-- 1 root disk 259, 0 May 31 10:59 /dev/nvme0n1

I'm not sure, we've always allowed any user passthrough command if
CAP_SYS_ADMIN capable. It should be pretty easy to check permissions for
any data-out opcode against FMODE_WRITE. We'll probably break something
if we do, though.
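The check suggested in the reply, sketched as a userspace model (an added example, not part of the original thread and not kernel code). The names `submit_io_check`, `model_fmode`, `is_data_out` and the `MODEL_FMODE_*` bits are hypothetical; the opcode values and the direction encoding in opcode bits 1:0 come from the NVMe NVM command set.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>

/* Model bits, named after the kernel's FMODE_READ / FMODE_WRITE. */
#define MODEL_FMODE_READ  0x1u
#define MODEL_FMODE_WRITE 0x2u

/* NVM command set I/O opcodes; write is the one issued in the report. */
enum { OPC_WRITE = 0x01, OPC_READ = 0x02, OPC_COMPARE = 0x05 };

/* Access mode requested at open(2) -> model mode bits. */
static unsigned model_fmode(int open_flags)
{
    switch (open_flags & O_ACCMODE) {
    case O_RDONLY: return MODEL_FMODE_READ;
    case O_WRONLY: return MODEL_FMODE_WRITE;
    case O_RDWR:   return MODEL_FMODE_READ | MODEL_FMODE_WRITE;
    default:       return 0;
    }
}

/* NVMe opcode bits 1:0 give the transfer direction; bit 0 set means
 * host-to-controller data, i.e. a data-out command. */
static int is_data_out(uint8_t opcode)
{
    return opcode & 0x1;
}

/* Hypothetical check: -EACCES for a data-out opcode on a descriptor that
 * was not opened for writing, 0 otherwise. */
int submit_io_check(uint8_t opcode, int open_flags)
{
    if (is_data_out(opcode) && !(model_fmode(open_flags) & MODEL_FMODE_WRITE))
        return -EACCES;
    return 0;
}

int main(void)
{
    /* Constructed cases: the first is the read-only open from the report. */
    printf("write,   O_RDONLY -> %d\n", submit_io_check(OPC_WRITE, O_RDONLY));
    printf("read,    O_RDONLY -> %d\n", submit_io_check(OPC_READ, O_RDONLY));
    printf("compare, O_RDONLY -> %d\n", submit_io_check(OPC_COMPARE, O_RDONLY));
    printf("write,   O_RDWR   -> %d\n", submit_io_check(OPC_WRITE, O_RDWR));
    return 0;
}
```

Compare (0x05) is denied on a read-only open as well, because it sends data to the controller even though it does not modify the media, so a direction-only rule changes behaviour for more than plain writes.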


