[PATCH 3/3] nvme: don't allow unprivileged passthrough on partitions
Chaitanya Kulkarni
chaitanyak at nvidia.com
Sun Jan 8 23:40:45 PST 2023
On 1/8/23 08:50, Christoph Hellwig wrote:
> Passthrough commands can always access the entire device, and thus
> submitting them on partitions is an privelege escalation.
>
> In hindsight we should have never allowed any passthrough commands on
> partitions, but it's probably too late to change that decision now.
>
> Fixes: e4fbcf32c860 ("nvme: identify-namespace without CAP_SYS_ADMIN")
> Signed-off-by: Christoph Hellwig <hch at lst.de>
> ---
> drivers/nvme/host/ioctl.c | 47 ++++++++++++++++++++++++++-------------
> 1 file changed, 31 insertions(+), 16 deletions(-)
>
> diff --git a/drivers/nvme/host/ioctl.c b/drivers/nvme/host/ioctl.c
> index 999ebc1b700056..06f52db34be9bd 100644
> --- a/drivers/nvme/host/ioctl.c
> +++ b/drivers/nvme/host/ioctl.c
> @@ -10,16 +10,24 @@
>
Looks good.
Reviewed-by: Chaitanya Kulkarni <kch at nvidia.com>
-ck
More information about the Linux-nvme
mailing list