nvme-host: disk corruptions when issuing IDENTIFY commands via ioctl()

Keith Busch kbusch at kernel.org
Tue Mar 8 16:39:04 PST 2022


On Wed, Mar 09, 2022 at 08:18:47AM +0800, Ming Lei wrote:
> Given the NVMe spec states that the data length of the IDENTIFY command
> should be 4096 bytes, and a PRP list can't be used.
> 
> So it looks like the nvme driver needs to validate the command before submitting
> it to hardware, otherwise any buggy application can break FS or memory easily.

No way. The driver does not police the user passthrough interface for
these kinds of things. It couldn't ever be complete or future proof if
it did.
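
With validation left to the caller, an application can check its own Identify request before handing it to the passthrough ioctl. The sketch below is an added example, not code from this thread or from the kernel; `struct passthru_req`, `check_identify` and the result codes are hypothetical names, and the struct is a constructed stand-in for the few passthrough command fields that matter here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NVME_ADMIN_IDENTIFY 0x06   /* Identify admin command opcode */
#define NVME_IDENTIFY_LEN   4096u  /* data length quoted in the thread */

/* Constructed stand-in (assumption): only the fields this check needs. */
struct passthru_req {
    uint8_t  opcode;    /* admin opcode */
    uint64_t addr;      /* user buffer address handed to the driver */
    uint32_t data_len;  /* transfer length the application declares */
};

enum check_result { REQ_OK = 0, REQ_NULL_BUF, REQ_BAD_LEN, REQ_BUF_TOO_SMALL };

/* Constructed sample buffer used by the demo below. */
static uint8_t demo_buf[NVME_IDENTIFY_LEN];

/*
 * Reject an Identify request whose declared length or backing buffer does
 * not match the 4096-byte payload. buf_capacity is the real size of the
 * allocation behind req->addr, tracked by the application itself.
 * Other opcodes are passed through unchecked: this guard covers Identify only.
 */
enum check_result check_identify(const struct passthru_req *req, size_t buf_capacity)
{
    if (req->opcode != NVME_ADMIN_IDENTIFY)
        return REQ_OK;
    if (req->addr == 0)
        return REQ_NULL_BUF;
    if (req->data_len != NVME_IDENTIFY_LEN)
        return REQ_BAD_LEN;          /* declared length disagrees with the payload size */
    if (buf_capacity < NVME_IDENTIFY_LEN)
        return REQ_BUF_TOO_SMALL;    /* payload would run past the allocation */
    return REQ_OK;
}

int main(void)
{
    struct passthru_req good = { NVME_ADMIN_IDENTIFY, (uint64_t)(uintptr_t)demo_buf, 4096 };
    struct passthru_req bad  = { NVME_ADMIN_IDENTIFY, (uint64_t)(uintptr_t)demo_buf, 512 };

    printf("good request: %d\n", check_identify(&good, sizeof demo_buf));
    printf("short data_len: %d\n", check_identify(&bad, sizeof demo_buf));
    return 0;
}
```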


