[PATCH v4] nvme: fix corruption for passthrough meta/data

Kanchan Joshi joshiiitr at gmail.com
Fri Oct 13 11:35:17 PDT 2023


On Fri, Oct 13, 2023 at 9:17 PM Christoph Hellwig <hch at lst.de> wrote:
>
> On Fri, Oct 13, 2023 at 08:41:54PM +0530, Kanchan Joshi wrote:
> > It seems we will have two limitations with this approach - (i) sgl for
> > the external metadata buffer, and (ii) using sgl for data-transfer will
> > reduce the speed of passthrough io, perhaps more than what can happen
> > using the checks. And if we make the sgl opt-in, that means leaving the
> > hole for the case when this was not chosen.
>
> The main limitation is that the device needs to support SGLs, and

Indeed. Particularly on non-enterprise drives, SGL is a luxury.

> we need to as well (we currently don't for metadata).  But for any
> non-stupid workload SGLs should be at least as fast if not faster
> with modern hardware.

But nvme-pcie selects PRP for the small IO.

> But I see no way out.
> Now can we please get a patch to disable the unprivileged passthrough
> ASAP to fix this probably exploitable hole?  Or should I write one?

I can write. I was waiting to see whether Keith has any different
opinion on the route that v4 takes.
It seems this is a no go from him.

Disabling is possible with a simple patch that just returns false from
nvme_cmd_allowed() if CAP_SYS_ADMIN is not present.
I assume that is not what is sought, but rather a deep revert that removes all the
things such as carrying the file-mode to various functions.
Hope tomorrow is ok for that.
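To make the two options in this mail concrete, here is an added userspace sketch (not code from the nvme driver or from anyone on this thread) of the access decision the thread is about: a per-command gating policy that lets an unprivileged caller through for a vetted subset, beside the "simple patch" that refuses everything without CAP_SYS_ADMIN. All constants, the command table, the effects bits and the caller model are constructed assumptions for the example; the real check lives in the kernel's nvme_cmd_allowed() and is not reproduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed stand-ins for kernel-side names. The values are
 * illustrative assumptions for this sketch, not copied from the driver.
 */
#define FMODE_READ               0x1u
#define FMODE_WRITE              0x2u
#define NVME_CMD_VENDOR_START    0xc0u     /* opcodes at/above this are vendor specific */
#define NVME_CMD_EFFECTS_CSUPP   (1u << 0) /* command supported */
#define NVME_CMD_EFFECTS_LBCC    (1u << 1) /* logical block content change */
#define NVME_CMD_EFFECTS_NCC     (1u << 2) /* namespace capability change (intrusive) */

/* NVMe I/O opcodes for read/write plus a made-up vendor opcode. */
#define NVME_CMD_WRITE   0x01u
#define NVME_CMD_READ    0x02u
#define VENDOR_OPC_DEMO  0xd0u

struct pt_cmd {
    uint8_t  opcode;
    bool     host_to_device; /* data direction: true for write-like commands */
    uint32_t effects;        /* what a (constructed) Commands Supported & Effects log says */
};

struct caller {
    bool     cap_sys_admin;  /* stand-in for capable(CAP_SYS_ADMIN) */
    unsigned fmode;          /* how the caller opened the device node */
};

/*
 * Policy A: unprivileged passthrough allowed for a vetted subset.
 * A sketch of the gating idea under discussion, written for this example.
 */
bool cmd_allowed_subset(const struct pt_cmd *c, const struct caller *who)
{
    if (who->cap_sys_admin)
        return true;
    /* Vendor-specific opcodes have unknown effects: admin only. */
    if (c->opcode >= NVME_CMD_VENDOR_START)
        return false;
    /* The controller must advertise the command as supported. */
    if (!(c->effects & NVME_CMD_EFFECTS_CSUPP))
        return false;
    /* Any effect beyond "supported" and "changes LBA contents" is intrusive. */
    if (c->effects & ~(NVME_CMD_EFFECTS_CSUPP | NVME_CMD_EFFECTS_LBCC))
        return false;
    /* Writes (or LBA-changing commands) need a writable file descriptor. */
    if ((c->host_to_device || (c->effects & NVME_CMD_EFFECTS_LBCC)) &&
        !(who->fmode & FMODE_WRITE))
        return false;
    return true;
}

/* Policy B: the "simple patch" from the mail: no CAP_SYS_ADMIN, no passthrough. */
bool cmd_allowed_admin_only(const struct pt_cmd *c, const struct caller *who)
{
    (void)c;
    return who->cap_sys_admin;
}

/*
 * Count how many of the constructed commands a policy lets an unprivileged,
 * read-only caller submit. The admin-only patch drives this to zero; the
 * subset policy still passes the plain read, which is the path this thread
 * worries about for meta/data corruption.
 */
int count_allowed_unprivileged(bool (*policy)(const struct pt_cmd *, const struct caller *))
{
    static const struct pt_cmd cases[] = {
        { NVME_CMD_READ,   false, NVME_CMD_EFFECTS_CSUPP },
        { NVME_CMD_WRITE,  true,  NVME_CMD_EFFECTS_CSUPP | NVME_CMD_EFFECTS_LBCC },
        { VENDOR_OPC_DEMO, false, NVME_CMD_EFFECTS_CSUPP },
        { NVME_CMD_READ,   false, NVME_CMD_EFFECTS_CSUPP | NVME_CMD_EFFECTS_NCC },
    };
    const struct caller unpriv_ro = { false, FMODE_READ };
    int n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        n += policy(&cases[i], &unpriv_ro) ? 1 : 0;
    return n;
}

int main(void)
{
    printf("subset policy: %d command(s) reachable by an unprivileged read-only caller\n",
           count_allowed_unprivileged(cmd_allowed_subset));
    printf("admin-only policy: %d command(s) reachable\n",
           count_allowed_unprivileged(cmd_allowed_admin_only));
    return 0;
}
```

The point of running both policies over the same table is that the subset policy is doing its job as designed (vendor, intrusive and read-only-fd writes are all refused) and yet the plain read still reaches the device, so any corruption reachable through the data or metadata buffer of an allowed command is unaffected by that filtering; only the capability-only check removes the unprivileged path entirely.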


