[PATCH 3/3] nvme: don't allow unprivileged passthrough on partitions
Hannes Reinecke
hare at suse.de
Thu Jan 12 05:23:06 PST 2023
On 1/8/23 17:50, Christoph Hellwig wrote:
> Passthrough commands can always access the entire device, and thus
> submitting them on partitions is a privilege escalation.
>
> In hindsight we should have never allowed any passthrough commands on
> partitions, but it's probably too late to change that decision now.
>
> Fixes: e4fbcf32c860 ("nvme: identify-namespace without CAP_SYS_ADMIN")
> Signed-off-by: Christoph Hellwig <hch at lst.de>
> ---
> drivers/nvme/host/ioctl.c | 47 ++++++++++++++++++++++++++-------------
> 1 file changed, 31 insertions(+), 16 deletions(-)
>
Doesn't a similar argument hold for ctrl vs ns-specific commands?
Otherwise:
Reviewed-by: Hannes Reinecke <hare at suse.de>
Cheers,
Hannes