[PATCH V6 1/2] nvme: enable char device per namespace
hch at lst.de
hch at lst.de
Thu Mar 25 08:26:47 GMT 2021
On Thu, Mar 25, 2021 at 11:09:51AM +0900, Minwoo Im wrote:
> > I was still allowed to write to NSID2:
> >
> > sudo nvme zns report-zones -d 1 /dev/nvme0n2
> > SLBA: 0x0 WP: 0x1 Cap: 0x3e000 State: IMP_OPENED Type: SEQWRITE_REQ Attrs: 0x0
> >
> > Should this really be allowed?
>
> I think this should not be allowed at all. Thanks for the testing!
It should not be allowed, but it seems like a pre-existing problem
as nvme_user_cmd does not verify the nsid.
> > I was under the impression that Christoph's argument for implementing per
> > namespace char devices, was that you should be able to do access control.
> > Doesn't that mean that for the new char devices, we need to reject ioctls
> > that specify a nvme_passthru_cmd.nsid != the NSID that the char device
> > represents?
> >
> >
> > Although, this is not really something new, as we already have the same
> > behavior when it comes ioctls and the block devices. Perhaps we want to
> > add the same verification there?
>
> I think there should be verifications.
Yes.
> > Regardless if we want to add a verification for block devices or not,
> > it just seemed to me that the whole argument for introducing new char
> > devices was to allow access control per namespace, which doesn't seem
> > to have been taken into account, but perhaps I'm missing something.
>
> Any other points that you think it's not been taken account? I think it
> should map to previous blkdev operations, but with some verfications
> there. It would be great if you can share any other points supposed to
> be supported here :)
Agreed.
More information about the Linux-nvme
mailing list