[PATCH V6 1/2] nvme: enable char device per namespace

Minwoo Im minwoo.im.dev at gmail.com
Thu Mar 25 02:09:51 GMT 2021 

On 21-03-24 12:29:32, Niklas Cassel wrote:
> On Mon, Mar 01, 2021 at 08:24:51PM +0100, javier at javigon.com wrote:
> > From: Javier González <javier.gonz at samsung.com>
> > 
> > Create a char device per NVMe namespace. This char device is always
> > initialized, independently of whether the features implemented by the
> > device are supported by the kernel. User-space can therefore always
> > issue IOCTLs to the NVMe driver using the char device.
> > 
> > The char device is presented as /dev/nvme-generic-XcYnZ. This naming
> > scheme follows the convention of the hidden device (nvmeXcYnZ). Support
> > for multipath will follow.
> > 
> 
> Hello all,
> 
> Looking at the discussion that led up to the current design:
> https://lore.kernel.org/linux-block/20201102185851.GA21349@lst.de/
> 
> Keith initially suggested:
> 
> a) Set up the existing controller character device with a generic
>    disk-less request_queue to the IO queues accepting IO commands to
>    arbitrary NSIDs.
> 
> However Christoph replied:
> 
> The problem with a) is that it can't be used to give users or groups
> access to just one namespaces, so it causes a real access control
> nightmare.
> 
> c) Each namespace gets its own character device, period.

Thanks for summarizing this up!

> However, testing this patch series out:
> 
> crw------- 1 root root 249,   0 Mar 24 11:32 /dev/nvme-generic-0c0n1
> crw------- 1 root root 249,   1 Mar 24 11:32 /dev/nvme-generic-0c0n2
> crw------- 1 root root 250,   0 Mar 24 11:32 /dev/nvme0
> brw-rw---- 1 root disk 259,   1 Mar 24 11:32 /dev/nvme0n2
> 
> NSID1 has been rejected (because of ZNS ZOC, which kernel does not support).
> 
> However, if I use the new char device for NSID1, but specify NSID2 to nvme-cli:
> 
> sudo nvme write-zeroes -s 0 -c 0 --namespace-id=2 /dev/nvme-generic-0c0n1
> 
> I was still allowed to write to NSID2:
> 
> sudo nvme zns report-zones -d 1 /dev/nvme0n2
> SLBA: 0x0        WP: 0x1        Cap: 0x3e000    State: IMP_OPENED   Type: SEQWRITE_REQ   Attrs: 0x0
> 
> Should this really be allowed?

I think this should not be allowed at all.  Thanks for the testing!

> 
> I was under the impression that Christoph's argument for implementing per
> namespace char devices, was that you should be able to do access control.
> Doesn't that mean that for the new char devices, we need to reject ioctls
> that specify a nvme_passthru_cmd.nsid != the NSID that the char device
> represents?
> 
> 
> Although, this is not really something new, as we already have the same
> behavior when it comes ioctls and the block devices. Perhaps we want to
> add the same verification there?

I think there should be verifications.

> 
> Regardless if we want to add a verification for block devices or not,
> it just seemed to me that the whole argument for introducing new char
> devices was to allow access control per namespace, which doesn't seem
> to have been taken into account, but perhaps I'm missing something.

Any other points that you think it's not been taken account?  I think it
should map to previous blkdev operations, but with some verfications
there.  It would be great if you can share any other points supposed to
be supported here :)

> Kind regards,
> Niklas

More information about the Linux-nvme mailing list