[PATCH v4] nvme: fix corruption for passthrough meta/data

[Kanchan Joshi]

On Fri, Oct 13, 2023 at 9:17 PM Christoph Hellwig <hch at lst.de> wrote:
> The main limitation is that the device needs to support SGLs, and
> we need to as well (we currently don't for metadata).  But for any
> non-stupid workload SGLs should be at least as fast if not faster
> with modern hardware.  But I see no way out.

You may agree that it's a hardware-assisted way out. It is offloading
the checks to a SGL-capable device.
I wrote some quick code in that direction but could not readily get my
hands on a device that exposes metadata-with-sgl capability.
That reminded me that we are limiting unprivileged-passthrough to a
niche set of devices/users. That is the opposite of what the feature
was for.

OTOH, this patch implemented a software-only way out. There are some
checks, but someone (either SW or HW) has to do those to keep things
right.
The patch ensures the regular user cannot exploit the hole and that
the root user continues to work as before (Keith's concern).
So, I really wonder why we don't want to go for the way that solves it
generically.